Hi,
I downloaded a snapshot recently, openssl-e-0.9.6-stable-SNAP-20030327.tar.gz,
and was comparing the files [.crypto.rsa]rsa_eay.c AND [.crypto.rsa]rsa_lib.c. I noticed
that in rsa_eay.c that the patch used the "positive" when comparing, RSA_FLAG_BLINDING,
and the snapshot used the negative, RSA_FLAG_NO_BLINDING. Here is the macro
BLINDING_HELPER, and it shows the differences:
From the patch:
#define BLINDING_HELPER(rsa, ctx, err_instr) \
do { \
if(((rsa)->flags & RSA_FLAG_BLINDING) && \
((rsa)->blinding == NULL) && \
!rsa_eay_blinding(rsa, ctx)) \
err_instr \
} while(0)
From the snapshot:
#define BLINDING_HELPER(rsa, ctx, err_instr) \
do { \
if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \
((rsa)->blinding == NULL) && \
!rsa_eay_blinding(rsa, ctx)) \
err_instr \
} while(0)
As for RSA_LIB.C, it looks like only part of the patch has been
applied to the snapshot. We call RSA_new_method and it is return is
placed into r, but then we simply return r. We do not check if
OPENSSL_NO_FORCE_RSA_BLINDING is defined not do we set
r->flags with RSA_FLAG_BLINDING.
Have I missed something in the mailing lists that would
explain these differences?
Thanks,
Kevin.
Kevin Greaney SSL for OpenVMS Team
Hewlett Packard Company OpenVMS Engineering Group
110 Spitbrook Road
Nashua, NH 03062
(603) 884-5099
