path: root/src/lib/libcrypto/bn/bn_blind.c
Diffstat (limited to 'src/lib/libcrypto/bn/bn_blind.c')
-rw-r--r--src/lib/libcrypto/bn/bn_blind.c37
1 files changed, 14 insertions, 23 deletions
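--- a/src/lib/libcrypto/bn/bn_blind.c
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -126,7 +126,7 @@ struct bn_blinding_st
  * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
 #endif
  CRYPTO_THREADID tid;
- int counter;
+ unsigned int counter;
  unsigned long flags;
  BN_MONT_CTX *m_ctx;
  int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -160,10 +160,7 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
  if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
  BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
 
- /* Set the counter to the special value -1
- * to indicate that this is never-used fresh blinding
- * that does not need updating before first use. */
- ret->counter = -1;
+ ret->counter = BN_BLINDING_COUNTER;
  CRYPTO_THREADID_current(&ret->tid);
  return(ret);
 err:
@@ -193,10 +190,7 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
  goto err;
  }
 
- if (b->counter == -1)
- b->counter = 0;
-
- if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
+ if (--(b->counter) == 0 && b->e != NULL &&
  !(b->flags & BN_BLINDING_NO_RECREATE))
  {
  /* re-create blinding parameters */
@@ -211,8 +205,8 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
 
  ret=1;
 err:
- if (b->counter == BN_BLINDING_COUNTER)
- b->counter = 0;
+ if (b->counter == 0)
+ b->counter = BN_BLINDING_COUNTER;
  return(ret);
  }
 
@@ -233,12 +227,6 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
  return(0);
  }
 
- if (b->counter == -1)
- /* Fresh blinding, doesn't need updating. */
- b->counter = 0;
- else if (!BN_BLINDING_update(b,ctx))
- return(0);
-
  if (r != NULL)
  {
  if (!BN_copy(r, b->Ai)) ret=0;
@@ -259,19 +247,22 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ct
  int ret;
 
  bn_check_top(n);
+ if ((b->A == NULL) || (b->Ai == NULL))
+ {
+ BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
+ return(0);
+ }
 
  if (r != NULL)
  ret = BN_mod_mul(n, n, r, b->mod, ctx);
  else
+ ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+
+ if (ret >= 0)
  {
- if (b->Ai == NULL)
- {
- BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
+ if (!BN_BLINDING_update(b,ctx))
  return(0);
- }
- ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
  }
-
  bn_check_top(n);
  return(ret);
  }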
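Review bot: The new `if (ret >= 0)` guard in BN_BLINDING_invert_ex can never be false, because BN_mod_mul returns 0 or 1, so BN_BLINDING_update now runs even when the unblinding multiplication failed; if that is the intent (refresh the blinding pair regardless of outcome so it is never reused), drop the guard and write `/* refresh the blinding pair even on failure so it is not reused */` above an unconditional `if (!BN_BLINDING_update(b,ctx)) return(0);`, otherwise test `if (ret)`. Moving the update out of BN_BLINDING_convert_ex into BN_BLINDING_invert_ex also means a convert whose matching invert never runs (a caller that bails out between the two) reuses the same A/Ai pair on its next convert; the callers in rsa_eay.c are outside this diff, so a comment on BN_BLINDING_convert_ex stating that every convert must be paired with an invert would document the assumption. The removed comment in BN_BLINDING_new is not replaced, and the count-down scheme is now spread across three hunks; a comment on the `counter` field in the struct hunk, e.g. `/* counts down from BN_BLINDING_COUNTER; parameters are regenerated when it reaches 0 */`, would tie them together. BN_BLINDING_convert_ex's body continues outside its hunk.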