Google Git
Sign in
boringssl/boringssl/785bb12634b0d2fd39b1e34609bc50366443b67e^!/.
commit
785bb12634b0d2fd39b1e34609bc50366443b67e
[log]
author
hehe.li <hehe.li@unisoc.com>
Tue Dec 06 15:39:46 2022 +0800
committer
Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Thu Dec 08 23:11:03 2022 +0000
tree
d4f60cc3ed32b7cd64c11caecc8c4813aa99a4dd
parent
c3197fc35b8c9ec2974e891e65d13abff5da4216 [diff]
Disable blinding for boringssl_self_test_rsa().

Disable blinding for boringssl_self_test_rsa() to avoid an entropy draw like
the 'k' value for ECDSA is fixed to avoid an entropy draw in boringssl_self_test_ecc().

The boringssl_self_test_rsa() use entropy to generate the blinding factor and
the inverse of blinding factor. Running boringssl_self_test_rsa() from init stage of OS
on some devices as the kernel's entropy pool is not yet initialized, causing the process
to block for seconds.

Bug: None
Change-Id: I4c1119c9950553eec030bedf36ec22ab41088f20
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55545
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>

diff --git a/crypto/fipsmodule/self_check/self_check.c b/crypto/fipsmodule/self_check/self_check.c
index 19f5743..08500e5 100644
--- a/crypto/fipsmodule/self_check/self_check.c
+++ b/crypto/fipsmodule/self_check/self_check.c

@@ -316,6 +316,9 @@
     fprintf(stderr, "RSA key construction failed\n");
     goto err;
   }
+  // Disable blinding for the power-on tests because it's not needed and
+  // triggers an entropy draw.
+  rsa_key->flags |= RSA_FLAG_NO_BLINDING;
 
   // RSA Sign KAT