From 8eda85f7d24d7604121e3a86f64e3a1d6e2a2f95 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Tue, 8 Apr 2014 13:44:22 -0500
Subject: move RSA blinding to rsa_cdata creation methods rather than evp_pkey

---
 cryptography/hazmat/backends/openssl/backend.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 900d25c2..3d93e8d8 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -346,9 +346,6 @@ class Backend(object):
         evp_pkey = self._new_evp_pkey()
         rsa_cdata = self._rsa_cdata_from_private_key(private_key)
 
-        res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL)
-        assert res == 1
-
         res = self._lib.EVP_PKEY_assign_RSA(evp_pkey, rsa_cdata)
         assert res == 1
 
@@ -358,9 +355,6 @@ class Backend(object):
         evp_pkey = self._new_evp_pkey()
         rsa_cdata = self._rsa_cdata_from_public_key(public_key)
 
-        res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL)
-        assert res == 1
-
         res = self._lib.EVP_PKEY_assign_RSA(evp_pkey, rsa_cdata)
         assert res == 1
 
@@ -391,6 +385,9 @@ class Backend(object):
         ctx.dmp1 = self._int_to_bn(private_key.dmp1)
         ctx.dmq1 = self._int_to_bn(private_key.dmq1)
         ctx.iqmp = self._int_to_bn(private_key.iqmp)
+        res = self._lib.RSA_blinding_on(ctx, self._ffi.NULL)
+        assert res == 1
+
         return ctx
 
     def _rsa_cdata_from_public_key(self, public_key):
@@ -401,6 +398,9 @@ class Backend(object):
         assert ctx != self._ffi.NULL
         ctx.e = self._int_to_bn(public_key.e)
         ctx.n = self._int_to_bn(public_key.n)
+        res = self._lib.RSA_blinding_on(ctx, self._ffi.NULL)
+        assert res == 1
+
         return ctx
 
     def create_rsa_signature_ctx(self, private_key, padding, algorithm):
-- 
cgit v1.2.3