提交
c554155b
编写于
3月 20, 2003
作者:
Bodo Möller
make sure RSA blinding works when the PRNG is not properly seeded;
enable it automatically for the built-in engine
上级
a1d12dae
变更
4
Showing
4 changed file
with
63 addition
and
13 deletion
+63
-13
CHANGES
CHANGES
+12
-1
crypto/rsa/rsa.h
crypto/rsa/rsa.h
+7
-0
crypto/rsa/rsa_eay.c
crypto/rsa/rsa_eay.c
+27
-8
crypto/rsa/rsa_lib.c
crypto/rsa/rsa_lib.c
+17
-4
CHANGES
...
...
@@ -469,8 +469,19 @@
in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
[Bodo Moeller]
*) Turn on RSA blinding by default in the default implementation
to avoid a timing attack. Applications that don't want it can call
RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
They would be ill-advised to do so in most cases.
[Ben Laurie, Steve Henson, Geoff Thorpe]
*) Change RSA blinding code so that it works when the PRNG is not
seeded (in this case, the secret RSA exponent is abused as
an unpredictable seed -- if it is not unpredictable, there
is no point in blinding anyway).
[Bodo Moeller]
yet to be integrated into this CVS branch:
- RSA blinding changes
- Geoff's ENGINE_set_default() fix
*) Target "mingw" now allows native Windows code to be generated in
...
...
crypto/rsa/rsa.h
...
...
@@ -162,6 +162,11 @@ struct rsa_st
#define RSA_FLAG_CACHE_PUBLIC 0x02
#define RSA_FLAG_CACHE_PRIVATE 0x04
#define RSA_FLAG_BLINDING 0x08
#define RSA_FLAG_NO_BLINDING 0x80
/* new with 0.9.6j and 0.9.7b; the built-in
* RSA implementation now uses blinding by
* default (ignoring RSA_FLAG_BLINDING),
* but other engines might not need it
*/
#define RSA_FLAG_THREAD_SAFE 0x10
/* This flag means the private key operations will be handled by rsa_mod_exp
* and that they do not depend on the private key components being present:
...
...
@@ -174,6 +179,8 @@ struct rsa_st
*/
#define RSA_FLAG_SIGN_VER 0x40
#define RSA_FLAG_NO_BLINDING 0x80
#define RSA_PKCS1_PADDING 1
#define RSA_SSLV23_PADDING 2
#define RSA_NO_PADDING 3
...
...
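Review bot: `RSA_FLAG_NO_BLINDING` is defined twice in this section, once after `RSA_FLAG_BLINDING` with the explanatory comment and again after `RSA_FLAG_SIGN_VER`; with +7/-0 reported for the file both appear to be additions, although the page has lost its +/- markers. An identical redefinition compiles, but the two copies can drift apart and the value 0x80 then has two places to audit. Keep a single definition, `#define RSA_FLAG_NO_BLINDING 0x80`, with the comment attached to it. The comment could also state that the flag is set by `RSA_blinding_off()` and cleared by `RSA_blinding_on()`, which is how the rsa_lib.c part of this commit uses it.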
crypto/rsa/rsa_eay.c
...
...
@@ -211,6 +211,25 @@ err:
return
(
r
);
}
static
int
rsa_eay_blinding
(
RSA
*
rsa
,
BN_CTX
*
ctx
)
{
int
ret
=
1
;
CRYPTO_w_lock
(
CRYPTO_LOCK_RSA
);
/* Check again inside the lock - the macro's check is racey */
if
(
rsa
->
blinding
==
NULL
)
ret
=
RSA_blinding_on
(
rsa
,
ctx
);
CRYPTO_w_unlock
(
CRYPTO_LOCK_RSA
);
return
ret
;
}
#define BLINDING_HELPER(rsa, ctx, err_instr) \
do { \
if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \
((rsa)->blinding == NULL) && \
!rsa_eay_blinding(rsa, ctx)) \
err_instr \
} while(0)
/* signing */
static
int
RSA_eay_private_encrypt
(
int
flen
,
const
unsigned
char
*
from
,
unsigned
char
*
to
,
RSA
*
rsa
,
int
padding
)
...
...
@@ -255,9 +274,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
goto
err
;
}
if
((
rsa
->
flags
&
RSA_FLAG_BLINDING
)
&&
(
rsa
->
blinding
==
NULL
))
RSA_blinding_on
(
rsa
,
ctx
);
if
(
rsa
->
flags
&
RSA_FLAG_BLINDING
)
BLINDING_HELPER
(
rsa
,
ctx
,
goto
err
;);
if
(
!
(
rsa
->
flags
&
RSA_FLAG_NO_BLINDING
)
)
if
(
!
BN_BLINDING_convert
(
&
f
,
rsa
->
blinding
,
ctx
))
goto
err
;
if
(
(
rsa
->
flags
&
RSA_FLAG_EXT_PKEY
)
||
...
...
@@ -274,7 +293,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
rsa
->
_method_mod_n
))
goto
err
;
}
if
(
rsa
->
flags
&
RSA_FLAG_BLINDING
)
if
(
!
(
rsa
->
flags
&
RSA_FLAG_NO_BLINDING
)
)
if
(
!
BN_BLINDING_invert
(
&
ret
,
rsa
->
blinding
,
ctx
))
goto
err
;
/* put in leading 0 bytes if the number is less than the
...
...
@@ -336,9 +355,9 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
goto
err
;
}
if
((
rsa
->
flags
&
RSA_FLAG_BLINDING
)
&&
(
rsa
->
blinding
==
NULL
))
RSA_blinding_on
(
rsa
,
ctx
);
if
(
rsa
->
flags
&
RSA_FLAG_BLINDING
)
BLINDING_HELPER
(
rsa
,
ctx
,
goto
err
;);
if
(
!
(
rsa
->
flags
&
RSA_FLAG_NO_BLINDING
)
)
if
(
!
BN_BLINDING_convert
(
&
f
,
rsa
->
blinding
,
ctx
))
goto
err
;
/* do the decrypt */
...
...
@@ -357,7 +376,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
goto
err
;
}
if
(
rsa
->
flags
&
RSA_FLAG_BLINDING
)
if
(
!
(
rsa
->
flags
&
RSA_FLAG_NO_BLINDING
)
)
if
(
!
BN_BLINDING_invert
(
&
ret
,
rsa
->
blinding
,
ctx
))
goto
err
;
p
=
buf
;
...
...
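Review bot: In what appears to be the new code of RSA_eay_private_encrypt, the blinding decision is re-read from `rsa->flags` three times (inside `BLINDING_HELPER`, before `BN_BLINDING_convert` and before `BN_BLINDING_invert`), and `rsa->blinding` is used outside `CRYPTO_LOCK_RSA`, so only the creation of the blinding structure is serialized. If an RSA object is shared between threads, which the "racey" comment in `rsa_eay_blinding` suggests is expected, a concurrent `RSA_blinding_off()` could free `rsa->blinding` mid-operation or make convert and invert disagree, yielding a wrong result or an unblinded private operation. I would latch the decision once, e.g. `int blind = !(rsa->flags & RSA_FLAG_NO_BLINDING);`, use `blind` for both calls, and add a comment on `rsa_eay_blinding` stating what the lock does and does not protect. The same applies to the RSA_eay_private_decrypt hunks; both function bodies continue outside the visible hunks, so locking elsewhere cannot be ruled out from this page.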
crypto/rsa/rsa_lib.c
...
...
@@ -72,7 +72,9 @@ static const RSA_METHOD *default_RSA_meth=NULL;
RSA
*
RSA_new
(
void
)
{
return
(
RSA_new_method
(
NULL
));
RSA
*
r
=
RSA_new_method
(
NULL
);
return
r
;
}
void
RSA_set_default_method
(
const
RSA_METHOD
*
meth
)
...
...
@@ -307,7 +309,8 @@ void RSA_blinding_off(RSA *rsa)
BN_BLINDING_free
(
rsa
->
blinding
);
rsa
->
blinding
=
NULL
;
}
rsa
->
flags
&=
~
RSA_FLAG_BLINDING
;
rsa
->
flags
&=
~
RSA_FLAG_BLINDING
;
rsa
->
flags
|=
RSA_FLAG_NO_BLINDING
;
}
int
RSA_blinding_on
(
RSA
*
rsa
,
BN_CTX
*
p_ctx
)
...
...
@@ -328,13 +331,23 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
BN_CTX_start
(
ctx
);
A
=
BN_CTX_get
(
ctx
);
if
(
!
BN_rand_range
(
A
,
rsa
->
n
))
goto
err
;
if
((
RAND_status
()
==
0
)
&&
rsa
->
d
!=
NULL
&&
rsa
->
d
->
d
!=
NULL
)
{
/* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
RAND_add
(
rsa
->
d
->
d
,
rsa
->
d
->
dmax
*
sizeof
rsa
->
d
->
d
[
0
],
0
);
if
(
!
BN_pseudo_rand_range
(
A
,
rsa
->
n
))
goto
err
;
}
else
{
if
(
!
BN_rand_range
(
A
,
rsa
->
n
))
goto
err
;
}
if
((
Ai
=
BN_mod_inverse
(
NULL
,
A
,
rsa
->
n
,
ctx
))
==
NULL
)
goto
err
;
if
(
!
rsa
->
meth
->
bn_mod_exp
(
A
,
A
,
rsa
->
e
,
rsa
->
n
,
ctx
,
rsa
->
_method_mod_n
))
goto
err
;
rsa
->
blinding
=
BN_BLINDING_new
(
A
,
Ai
,
rsa
->
n
);
rsa
->
flags
|=
RSA_FLAG_BLINDING
;
rsa
->
flags
|=
RSA_FLAG_BLINDING
;
rsa
->
flags
&=
~
RSA_FLAG_NO_BLINDING
;
BN_free
(
Ai
);
ret
=
1
;
err:
...
...
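Review bot: In the RSA_blinding_on hunk the result of `BN_BLINDING_new(A, Ai, rsa->n)` is not checked before `RSA_FLAG_BLINDING` is set, `RSA_FLAG_NO_BLINDING` is cleared and `ret` becomes 1, so an allocation failure would be reported as success with `rsa->blinding` still NULL. The callers in rsa_eay.c then pass `rsa->blinding` to `BN_BLINDING_convert` on the strength of that return value. I would free `Ai` first and add `if (rsa->blinding == NULL) goto err;` before the flag updates. Separately, the `RAND_add` call sizes its input by `rsa->d->dmax`, the allocated word count, so it may mix in words beyond those in use; `rsa->d->top` looks like the intended bound, and the comment should say that the entropy estimate is deliberately 0. The function starts and ends outside the hunk, so the `err:` path is not visible here.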