Diffstat (limited to 'src/lib/libcrypto/bn/bn_blind.c')
-rw-r--r-- | src/lib/libcrypto/bn/bn_blind.c | 37 |
1 files changed, 14 insertions, 23 deletions
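--- a/src/lib/libcrypto/bn/bn_blind.c
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -126,7 +126,7 @@ struct bn_blinding_st
 * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
 #endif
 CRYPTO_THREADID tid;
-int counter;
+unsigned int counter;
 unsigned long flags;
 BN_MONT_CTX *m_ctx;
 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -160,10 +160,7 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
 if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
 BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
 
-/* Set the counter to the special value -1
- * to indicate that this is never-used fresh blinding
- * that does not need updating before first use. */
-ret->counter = -1;
+ret->counter = BN_BLINDING_COUNTER;
 CRYPTO_THREADID_current(&ret->tid);
 return(ret);
 err:
@@ -193,10 +190,7 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
 goto err;
 }
 
-if (b->counter == -1)
-b->counter = 0;
-
-if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
+if (--(b->counter) == 0 && b->e != NULL &&
 !(b->flags & BN_BLINDING_NO_RECREATE))
 {
 /* re-create blinding parameters */
@@ -211,8 +205,8 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
 
 ret=1;
 err:
-if (b->counter == BN_BLINDING_COUNTER)
-b->counter = 0;
+if (b->counter == 0)
+b->counter = BN_BLINDING_COUNTER;
 return(ret);
 }
 
@@ -233,12 +227,6 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
 return(0);
 }
 
-if (b->counter == -1)
-/* Fresh blinding, doesn't need updating. */
-b->counter = 0;
-else if (!BN_BLINDING_update(b,ctx))
-return(0);
-
 if (r != NULL)
 {
 if (!BN_copy(r, b->Ai)) ret=0;
@@ -259,19 +247,22 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ct
 int ret;
 
 bn_check_top(n);
+if ((b->A == NULL) || (b->Ai == NULL))
+{
+BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
+return(0);
+}
 
 if (r != NULL)
 ret = BN_mod_mul(n, n, r, b->mod, ctx);
 else
+ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+
+if (ret >= 0)
 {
-if (b->Ai == NULL)
-{
-BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
+if (!BN_BLINDING_update(b,ctx))
 return(0);
-}
-ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
 }
-
 bn_check_top(n);
 return(ret);
 }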
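Review bot: `if (ret >= 0)` in the new body of BN_BLINDING_invert_ex is always true, because BN_mod_mul returns 0 on failure and 1 on success, so a failed unblinding multiply still runs BN_BLINDING_update (and burns one counter step) before the 0 in ret is returned; the guard should read `if (ret)` so the update only happens after a successful unblind. The new countdown scheme is otherwise consistent across the hunks — counter starts at BN_BLINDING_COUNTER in BN_BLINDING_new, `--(b->counter)` in BN_BLINDING_update only reaches 0 once, and the err path resets 0 back to BN_BLINDING_COUNTER — but nothing in the file says so, and the old explanatory comment was removed; a comment on the `unsigned int counter;` field such as `/* counts down from BN_BLINDING_COUNTER; BN_BLINDING_update refreshes A/Ai when it reaches 0 and rearms it */` would keep the invariant next to the state it protects. It is also worth a one-line note above the update call that refreshing now happens after each unblind rather than before each blind, since callers of BN_BLINDING_convert_ex that previously relied on the pre-use update no longer get one. BN_BLINDING_invert_ex's signature and the start of its body lie outside the hunk.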