author | Andy Polyakov <appro@openssl.org> | 2018-11-07 22:07:22 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-11-23 16:36:39 +0000 |
commit | 7dac8144a760f0d9780cd7eb0771894874becd78 (patch) | |
tree | 344172484d8992015910f690d7d626ac2cfc2ee6 | |
parent | b97cbe05a3a4bf18b6bd6262dbda04b87256a54c (diff) |
rsa/rsa_ossl.c: cache MONT_CTX for public modulus earlier.
Blinding is performed more efficiently and securely if MONT_CTX for public
modulus is available by the time the blinding parameters are instantiated. So
make sure it's the case.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 2cc3f68cde77af23c61fbad65470602ee86f2575)
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7586)
-rw-r--r-- | crypto/rsa/rsa_ossl.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
index 23f948fbbb..a485c7ef47 100644
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -280,6 +280,11 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
 goto err;
 }
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+ rsa->n, ctx))
+ goto err;
+
 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
 blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
 if (blinding == NULL) {
@@ -311,13 +316,6 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
 }
 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
- rsa->n, ctx)) {
- BN_free(d);
- goto err;
- }
-
 if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
 rsa->_method_mod_n)) {
 BN_free(d); |
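Review bot: The relocated block in the first hunk nests a brace-less `if` inside another brace-less `if`, the shape in which a later `else` silently binds to the inner condition; fold it into one guard, `if ((rsa->flags & RSA_FLAG_CACHE_PUBLIC) && !BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) goto err;`, or brace the outer `if`. The ordering requirement that motivates the move is not visible at the new site — nothing says the cached context must exist before `rsa_get_blinding()` runs, so a maintainer could move it back below the blinding setup; a comment such as `/* Cache MONT_CTX for n before blinding is set up so rsa_get_blinding() can use it. */` would pin the dependency. The plain `goto err` at the new location drops the `BN_free(d)` the removed block had, which is correct only if `d` is not yet allocated at this point; the allocation lies outside both hunks, so that is worth confirming. If rsa_ossl_private_decrypt in the same file still caches the context after blinding setup, it presumably needs the same reordering. rsa_ossl_private_encrypt begins before the first hunk and continues past the second.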