rsa/rsa_eay.c: make RSAerr call in rsa_ossl_private_decrypt unconditional.

author Andy Polyakov <appro@openssl.org>

Fri, 30 Nov 2018 20:07:18 +0000 (21:07 +0100)

committer Matt Caswell <matt@openssl.org>

Thu, 6 Dec 2018 11:18:35 +0000 (11:18 +0000)
author Andy Polyakov <appro@openssl.org>
Fri, 30 Nov 2018 20:07:18 +0000 (21:07 +0100)
committer Matt Caswell <matt@openssl.org>
Thu, 6 Dec 2018 11:18:35 +0000 (11:18 +0000)
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c

index 1155583d8829d709d95f3a39460fa17077ce4e87..7f20fd6738a7335af3030d6d953b97e413eecd1e 100644 (file)
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -115,6 +115,7 @@
  #include <openssl/rsa.h>
  #include <openssl/rand.h>
  #include "bn_int.h"
+#include "constant_time_locl.h"
  
  #ifndef RSA_NULL
  
@@ -587,8 +588,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
          RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
          goto err;
      }
-    if (r < 0)
-        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+    RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+    err_clear_last_constant_time(r >= 0);
  
   err:
      if (ctx != NULL) {
author	Andy Polyakov <appro@openssl.org>
	Fri, 30 Nov 2018 20:07:18 +0000 (21:07 +0100)
committer	Matt Caswell <matt@openssl.org>
	Thu, 6 Dec 2018 11:18:35 +0000 (11:18 +0000)