Set up the blinding factors on first use

Only call BN_BLINDING_setup() from BN_BLINDING_update(). This allows another simplification of the counter logic. ok jsing
author: tb <> 2023-08-09 08:39:46 +0000
committer: tb <> 2023-08-09 08:39:46 +0000
commit: d0b6919a361eae5d49e9d5b1cdc9a42225ffabc0 (patch)
tree: f837488492c0c44bb7f42759688817ef69eb6e76 /src
parent: fe61ca1a9898f7a0aac80b732c2fd7e1099ec53d (diff)
download: openbsd-d0b6919a361eae5d49e9d5b1cdc9a42225ffabc0.tar.gz
openbsd-d0b6919a361eae5d49e9d5b1cdc9a42225ffabc0.tar.bz2
openbsd-d0b6919a361eae5d49e9d5b1cdc9a42225ffabc0.zip
1 files changed, 14 insertions, 27 deletions
diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c
index cca211fb4f..996b1d6965 100644
--- a/src/lib/libcrypto/bn/bn_blind.c
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_blind.c,v 1.40 2023/08/09 08:35:59 tb Exp $ */
+/* $OpenBSD: bn_blind.c,v 1.41 2023/08/09 08:39:46 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
@@ -151,10 +151,8 @@ BN_BLINDING_new(const BIGNUM *e, const BIGNUM *mod)
        if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
                BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
-        /* Set the counter to the special value -1
+        /* Update on first use. */
-         * to indicate that this is never-used fresh blinding
+        ret->counter = BN_BLINDING_COUNTER - 1;
-         * that does not need updating before first use. */
-        ret->counter = -1;
        CRYPTO_THREADID_current(&ret->tid);
        return ret;
@@ -202,12 +200,10 @@ BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
 {
        int ret = 0;
-        if (b->counter == -1)
+        if (++b->counter >= BN_BLINDING_COUNTER) {
-                b->counter = 0;
-        if (++b->counter == BN_BLINDING_COUNTER) {
                if (!BN_BLINDING_setup(b, ctx))
                        goto err;
+                b->counter = 0;
        } else {
                if (!BN_mod_sqr(b->A, b->A, b->mod, ctx))
                        goto err;
@@ -218,31 +214,25 @@ BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
        ret = 1;
 err:
-        if (b->counter == BN_BLINDING_COUNTER)
-                b->counter = 0;
        return ret;
 }
 int
-BN_BLINDING_convert(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
+BN_BLINDING_convert(BIGNUM *n, BIGNUM *inv, BN_BLINDING *b, BN_CTX *ctx)
 {
-        int ret = 1;
+        int ret = 0;
-        if (b->counter == -1)
+        if (!BN_BLINDING_update(b, ctx))
-                /* Fresh blinding, doesn't need updating. */
+                goto err;
-                b->counter = 0;
-        else if (!BN_BLINDING_update(b, ctx))
-                return 0;
-        if (r != NULL) {
+        if (inv != NULL) {
-                if (!bn_copy(r, b->Ai))
+                if (!bn_copy(inv, b->Ai))
-                        ret = 0;
+                        goto err;
        }
-        if (!BN_mod_mul(n, n, b->A, b->mod, ctx))
+        ret = BN_mod_mul(n, n, b->A, b->mod, ctx);
-                ret = 0;
+ err:
        return ret;
 }
@@ -276,9 +266,6 @@ BN_BLINDING_create_param(const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
        if (m_ctx != NULL)
                ret->m_ctx = m_ctx;
-        if (!BN_BLINDING_setup(ret, ctx))
-                goto err;
        return ret;
 err:
author	tb <>	2023-08-09 08:39:46 +0000
committer	tb <>	2023-08-09 08:39:46 +0000
commit	d0b6919a361eae5d49e9d5b1cdc9a42225ffabc0 (patch)
tree	f837488492c0c44bb7f42759688817ef69eb6e76 /src
parent	fe61ca1a9898f7a0aac80b732c2fd7e1099ec53d (diff)
download	openbsd-d0b6919a361eae5d49e9d5b1cdc9a42225ffabc0.tar.gz openbsd-d0b6919a361eae5d49e9d5b1cdc9a42225ffabc0.tar.bz2 openbsd-d0b6919a361eae5d49e9d5b1cdc9a42225ffabc0.zip