commit 8eda85f7d24d7604121e3a86f64e3a1d6e2a2f95
author Paul Kehrer <paul.l.kehrer@gmail.com> Tue Apr 08 13:44:22 2014 -0500
committer Paul Kehrer <paul.l.kehrer@gmail.com> Tue Apr 08 13:44:22 2014 -0500
tree 6d1441483c8f1d4661c885437258eb796cccb609
parent b64162c9091fb91b50c19e48ddfb23d81074d4f4

move RSA blinding to rsa_cdata creation methods rather than evp_pkey

cryptography/hazmat/backends/openssl/backend.py

diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 900d25c..3d93e8d 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -346,9 +346,6 @@
         evp_pkey = self._new_evp_pkey()
         rsa_cdata = self._rsa_cdata_from_private_key(private_key)
 
-        res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL)
-        assert res == 1
-
         res = self._lib.EVP_PKEY_assign_RSA(evp_pkey, rsa_cdata)
         assert res == 1
 
@@ -358,9 +355,6 @@
         evp_pkey = self._new_evp_pkey()
         rsa_cdata = self._rsa_cdata_from_public_key(public_key)
 
-        res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL)
-        assert res == 1
-
         res = self._lib.EVP_PKEY_assign_RSA(evp_pkey, rsa_cdata)
         assert res == 1
 
@@ -391,6 +385,9 @@
         ctx.dmp1 = self._int_to_bn(private_key.dmp1)
         ctx.dmq1 = self._int_to_bn(private_key.dmq1)
         ctx.iqmp = self._int_to_bn(private_key.iqmp)
+        res = self._lib.RSA_blinding_on(ctx, self._ffi.NULL)
+        assert res == 1
+
         return ctx
 
     def _rsa_cdata_from_public_key(self, public_key):
@@ -401,6 +398,9 @@
         assert ctx != self._ffi.NULL
         ctx.e = self._int_to_bn(public_key.e)
         ctx.n = self._int_to_bn(public_key.n)
+        res = self._lib.RSA_blinding_on(ctx, self._ffi.NULL)
+        assert res == 1
+
         return ctx
 
     def create_rsa_signature_ctx(self, private_key, padding, algorithm):