On Mon, Mar 31, 2003 at 03:01:27PM -0500, Greaney, Kevin wrote: > I downloaded a snapshot recently, > openssl-e-0.9.6-stable-SNAP-20030327.tar.gz, > and was comparing the files [.crypto.rsa]rsa_eay.c AND > [.crypto.rsa]rsa_lib.c. I noticed > that in rsa_eay.c that the patch used the "positive" when comparing, > RSA_FLAG_BLINDING, > and the snapshot used the negative, RSA_FLAG_NO_BLINDING. Here is the > macro > BLINDING_HELPER, and it shows the differences: [...]
> As for RSA_LIB.C, it looks like only part of the patch has been > applied to the snapshot. [...] The "missing" changes to rsa_lib.c have been obviated by the other changes. (The OPENSSL_NO_FORCE_RSA_BLINDING compilation flag found in the patch no longer exists, but blinding now works when the PRNG has insufficient seeding, and this avoids a severe problem with having blinding always enabled.) -- Bodo M�ller <[EMAIL PROTECTED]> PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
