Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
openssl-ibmca
0001-engine-Enable-RSA-blinding-and-offload-bli...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-engine-Enable-RSA-blinding-and-offload-blinding-setu.patch of Package openssl-ibmca
From f8de68aa5edd882c6ec7393fb88b8298f7b6d1e1 Mon Sep 17 00:00:00 2001 From: Ingo Franzki <ifranzki@linux.ibm.com> Date: Wed, 22 Mar 2023 09:53:23 +0100 Subject: [PATCH] engine: Enable RSA blinding and offload blinding setup to libica For whatever reason RSA blinding was disabled for the IBMCA engine. One possible reason is that setting up the blinding factors also requires a mod-expo operation, and this operation does not get offloaded to libica, unless a Montgomery context for the public key (modulus) was setup before. Do no longer disable blinding, but make sure that the Montgomery contexts for the public and private keys are cached, like it is done without an engine. That way the mod-expo operation used for setting up the blinding context is also offloaded via ibmca_mod_exp(). Note: Due to a bug in OpenSSL code, the offloading of the mod-expo for the blinding setup does currently not work for private decrypt operations, but only for private encrypt (signature create) operations. Once that bug is fixed in OpenSSL, it will also work for private decrypt operations without an additional change in the IBMCA engine. Related OpenSSL issue: https://github.com/openssl/openssl/issues/20579 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> --- src/ibmca_rsa.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/ibmca_rsa.c b/src/ibmca_rsa.c index 9467ab9..4f9f8b1 100644 --- a/src/ibmca_rsa.c +++ b/src/ibmca_rsa.c @@ -295,7 +295,16 @@ end: static int ibmca_rsa_init(RSA * rsa) { - RSA_blinding_off(rsa); + /* + * Ensure that the MONT_CTXs for public and private keys are cached. + * This enables that ibmca_mod_exp_mont() is also called during + * (re-)setup of the RSA blinding factors. + */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE); +#else + rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; +#endif return 1; } -- 2.16.2.windows.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor