Added const-time flag to DSA key decoding to avoid potential leak of privkey

author Samuel Weiser <samuel.weiser@iaik.tugraz.at>

Fri, 29 Sep 2017 11:29:25 +0000 (13:29 +0200)

committer Rich Salz <rsalz@openssl.org>

Fri, 29 Sep 2017 17:06:25 +0000 (13:06 -0400)
author Samuel Weiser <samuel.weiser@iaik.tugraz.at>
Fri, 29 Sep 2017 11:29:25 +0000 (13:29 +0200)
committer Rich Salz <rsalz@openssl.org>
Fri, 29 Sep 2017 17:06:25 +0000 (13:06 -0400)
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c

index 7c0428d3f64085c9f49af0651f780ae5dce27165..fbb912146977a45325a4121b6777da5303090384 100644 (file)
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -175,6 +175,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
          goto dsaerr;
      }
  
+    BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
      if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
          DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
          goto dsaerr;
author	Samuel Weiser <samuel.weiser@iaik.tugraz.at>
	Fri, 29 Sep 2017 11:29:25 +0000 (13:29 +0200)
committer	Rich Salz <rsalz@openssl.org>
	Fri, 29 Sep 2017 17:06:25 +0000 (13:06 -0400)