diff options
author | Bodo Möller <bodo@openssl.org> | 2003-03-20 17:31:30 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2003-03-20 17:31:30 +0000 |
commit | c554155b58f5c0dda132048bb0a68a2d1a463d98 (patch) | |
tree | 263b5af55f0311d60fbb400e16e5c42919c8d35c /crypto/rsa/rsa_lib.c | |
parent | a1d12daed2087944f3530f6ec4b5ec23f36ce41a (diff) |
make sure RSA blinding works when the PRNG is not properly seeded;
enable it automatically for the built-in engine
Diffstat (limited to 'crypto/rsa/rsa_lib.c')
-rw-r--r-- | crypto/rsa/rsa_lib.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 889c36d3a6..33ca8330c9 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -72,7 +72,9 @@ static const RSA_METHOD *default_RSA_meth=NULL; RSA *RSA_new(void) { - return(RSA_new_method(NULL)); + RSA *r=RSA_new_method(NULL); + + return r; } void RSA_set_default_method(const RSA_METHOD *meth) @@ -307,7 +309,8 @@ void RSA_blinding_off(RSA *rsa) BN_BLINDING_free(rsa->blinding); rsa->blinding=NULL; } - rsa->flags&= ~RSA_FLAG_BLINDING; + rsa->flags &= ~RSA_FLAG_BLINDING; + rsa->flags |= RSA_FLAG_NO_BLINDING; } int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) @@ -328,13 +331,23 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) BN_CTX_start(ctx); A = BN_CTX_get(ctx); - if (!BN_rand_range(A,rsa->n)) goto err; + if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) + { + /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */ + RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0); + if (!BN_pseudo_rand_range(A,rsa->n)) goto err; + } + else + { + if (!BN_rand_range(A,rsa->n)) goto err; + } if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); - rsa->flags|=RSA_FLAG_BLINDING; + rsa->flags |= RSA_FLAG_BLINDING; + rsa->flags &= ~RSA_FLAG_NO_BLINDING; BN_free(Ai); ret=1; err: |