[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Fri Nov 23 16:41:24 UTC 2018


The branch OpenSSL_1_1_0-stable has been updated
       via  7dac8144a760f0d9780cd7eb0771894874becd78 (commit)
      from  b97cbe05a3a4bf18b6bd6262dbda04b87256a54c (commit)


- Log -----------------------------------------------------------------
commit 7dac8144a760f0d9780cd7eb0771894874becd78
Author: Andy Polyakov <appro at openssl.org>
Date:   Wed Nov 7 22:07:22 2018 +0100

    rsa/rsa_ossl.c: cache MONT_CTX for public modulus earlier.
    
    Blinding is performed more efficiently and securely if MONT_CTX for public
    modulus is available by the time blinding parameters are instantiated. So
    make sure it's the case.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    
    (cherry picked from commit 2cc3f68cde77af23c61fbad65470602ee86f2575)
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/7586)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rsa/rsa_ossl.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
index 23f948f..a485c7e 100644
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -280,6 +280,11 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
         goto err;
     }
 
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                    rsa->n, ctx))
+            goto err;
+
     if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
         blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
         if (blinding == NULL) {
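Review bot: The two nested unbraced `if` statements at the top of this hunk are a style point worth fixing while the code is being moved; folding them into a single condition, `if ((rsa->flags & RSA_FLAG_CACHE_PUBLIC) && !BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) goto err;`, matches the one-level error handling used by the surrounding code and avoids a dangling-else trap if either branch grows later. The hoist itself is sound as far as the visible lines show: at this point `d` has not been created, so the bare `goto err` drops nothing that the old `BN_free(d)` path was protecting, and the Montgomery context for `rsa->n` is now populated before `rsa_get_blinding` is called, which is what the commit message asks for. One consequence to keep in mind is that with `RSA_FLAG_CACHE_PUBLIC` set the context is now computed even on calls that later fail in blinding setup, a small cost that only applies to the error path.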
@@ -311,13 +316,6 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
         }
         BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
 
-        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-            if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
-                                        rsa->n, ctx)) {
-                BN_free(d);
-                goto err;
-            }
-
         if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
                                    rsa->_method_mod_n)) {
             BN_free(d);
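Review bot: Removing this block leaves `rsa->_method_mod_n` as the argument to `rsa->meth->bn_mod_exp` with no check at this site that it has been populated; that is only correct because the earlier hoisted call fills it whenever `RSA_FLAG_CACHE_PUBLIC` is set, and when the flag is clear it stays NULL exactly as before, so the observable behaviour of this call is unchanged. The deleted `BN_free(d)` on the failure path is not a lost cleanup either, since the remaining `BN_free(d)` after a failed `bn_mod_exp` still covers the only error exit in the `d`-scoped region. A reviewer would want the same reordering applied to any other private-key path in rsa_ossl.c that sets up blinding the same way; if only this function was changed, the stated goal (MONT_CTX present before blinding parameters are instantiated) holds for private_encrypt but not for its sibling operations.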

