
Commit b747bfb

author
tb
committed
Set up the blinding factors on first use
Only call BN_BLINDING_setup() from BN_BLINDING_update(). This allows another simplification of the counter logic. ok jsing
1 parent db85683 commit b747bfb


1 file changed

+14
-27
lines changed


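--- a/src/lib/libcrypto/bn/bn_blind.c
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_blind.c,v 1.40 2023/08/09 08:35:59 tb Exp $ */
+/* $OpenBSD: bn_blind.c,v 1.41 2023/08/09 08:39:46 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
 *
@@ -151,10 +151,8 @@ BN_BLINDING_new(const BIGNUM *e, const BIGNUM *mod)
 if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
 BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
 
-/* Set the counter to the special value -1
-* to indicate that this is never-used fresh blinding
-* that does not need updating before first use. */
-ret->counter = -1;
+/* Update on first use. */
+ret->counter = BN_BLINDING_COUNTER - 1;
 CRYPTO_THREADID_current(&ret->tid);
 
 return ret;
@@ -202,12 +200,10 @@ BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
 {
 int ret = 0;
 
-if (b->counter == -1)
-b->counter = 0;
-
-if (++b->counter == BN_BLINDING_COUNTER) {
+if (++b->counter >= BN_BLINDING_COUNTER) {
 if (!BN_BLINDING_setup(b, ctx))
 goto err;
+b->counter = 0;
 } else {
 if (!BN_mod_sqr(b->A, b->A, b->mod, ctx))
 goto err;
@@ -218,31 +214,25 @@ BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
 ret = 1;
 
 err:
-if (b->counter == BN_BLINDING_COUNTER)
-b->counter = 0;
-
 return ret;
 }
 
 int
-BN_BLINDING_convert(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
+BN_BLINDING_convert(BIGNUM *n, BIGNUM *inv, BN_BLINDING *b, BN_CTX *ctx)
 {
-int ret = 1;
+int ret = 0;
 
-if (b->counter == -1)
-/* Fresh blinding, doesn't need updating. */
-b->counter = 0;
-else if (!BN_BLINDING_update(b, ctx))
-return 0;
+if (!BN_BLINDING_update(b, ctx))
+goto err;
 
-if (r != NULL) {
-if (!bn_copy(r, b->Ai))
-ret = 0;
+if (inv != NULL) {
+if (!bn_copy(inv, b->Ai))
+goto err;
 }
 
-if (!BN_mod_mul(n, n, b->A, b->mod, ctx))
-ret = 0;
+ret = BN_mod_mul(n, n, b->A, b->mod, ctx);
 
+err:
 return ret;
 }
 
@@ -276,9 +266,6 @@ BN_BLINDING_create_param(const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
 if (m_ctx != NULL)
 ret->m_ctx = m_ctx;
 
-if (!BN_BLINDING_setup(ret, ctx))
-goto err;
-
 return ret;
 
 err: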