wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

rsa/rsa_ossl.c: cache MONT_CTX for public modulus earlier.

Browse source 
Blinding is performed more efficiently and securely if MONT_CTX for public
modulus is available by the time blinding parameter are instantiated. So
make sure it's the case.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7586)
This commit is contained in:
Andy Polyakov 2018-11-07 22:07:22 +01:00 committed by Richard Levitte
parent 2a6f57bc09
commit 2cc3f68cde
1 changed files with 5 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
crypto/rsa/rsa_ossl.c
View file

@ -286,6 +286,11 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
goto err;
}
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
rsa->n, ctx))
goto err;
if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
if (blinding == NULL) {
@ -318,13 +323,6 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
}
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
rsa->n, ctx)) {
BN_free(d);
goto err;
}
if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
rsa->_method_mod_n)) {
BN_free(d);