@@ -319,6 +319,11 @@ def __init__(self, backend, rsa_cdata, evp_pkey):
319319 errors = backend ._consume_errors_with_text ()
320320 raise ValueError ("Invalid private key" , errors )
321321
322+ # Blinding is on by default in many versions of OpenSSL, but let's
323+ # just be conservative here.
324+ res = backend ._lib .RSA_blinding_on (rsa_cdata , backend ._ffi .NULL )
325+ backend .openssl_assert (res == 1 )
326+
322327 self ._backend = backend
323328 self ._rsa_cdata = rsa_cdata
324329 self ._evp_pkey = evp_pkey
@@ -351,8 +356,6 @@ def public_key(self):
351356 ctx = self ._backend ._lib .RSAPublicKey_dup (self ._rsa_cdata )
352357 self ._backend .openssl_assert (ctx != self ._backend ._ffi .NULL )
353358 ctx = self ._backend ._ffi .gc (ctx , self ._backend ._lib .RSA_free )
354- res = self ._backend ._lib .RSA_blinding_on (ctx , self ._backend ._ffi .NULL )
355- self ._backend .openssl_assert (res == 1 )
356359 evp_pkey = self ._backend ._rsa_cdata_to_evp_pkey (ctx )
357360 return _RSAPublicKey (self ._backend , ctx , evp_pkey )
358361
@@ -411,6 +414,11 @@ def sign(self, data, padding, algorithm):
411414@utils .register_interface (RSAPublicKeyWithSerialization )
412415class _RSAPublicKey (object ):
413416 def __init__ (self , backend , rsa_cdata , evp_pkey ):
417+ # Blinding is on by default in many versions of OpenSSL, but let's
418+ # just be conservative here.
419+ res = backend ._lib .RSA_blinding_on (rsa_cdata , backend ._ffi .NULL )
420+ backend .openssl_assert (res == 1 )
421+
414422 self ._backend = backend
415423 self ._rsa_cdata = rsa_cdata
416424 self ._evp_pkey = evp_pkey
0 commit comments