Do the error handling in pkey_rsa_decrypt in constant time

author Bernd Edlinger <bernd.edlinger@hotmail.de>

Sun, 3 Mar 2019 09:36:57 +0000 (10:36 +0100)

committer Bernd Edlinger <bernd.edlinger@hotmail.de>

Thu, 7 Mar 2019 21:59:48 +0000 (22:59 +0100)
author Bernd Edlinger <bernd.edlinger@hotmail.de>
Sun, 3 Mar 2019 09:36:57 +0000 (10:36 +0100)
committer Bernd Edlinger <bernd.edlinger@hotmail.de>
Thu, 7 Mar 2019 21:59:48 +0000 (22:59 +0100)
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c

index c10669f8a91b481b8caacd1b0dcfce562571af18..5c0efc84907fd483823657ab9d48d0f3d5e6f99f 100644 (file)
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -1,5 +1,5 @@
  /*
- * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
   *
   * Licensed under the OpenSSL license (the "License").  You may not use
   * this file except in compliance with the License.  You can obtain a copy
@@ -7,6 +7,8 @@
   * https://www.openssl.org/source/license.html
   */
  
+#include "internal/constant_time_locl.h"
+
  #include <stdio.h>
  #include "internal/cryptlib.h"
  #include <openssl/asn1t.h>
@@ -340,10 +342,9 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
          ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
                                    rctx->pad_mode);
      }
-    if (ret < 0)
-        return ret;
-    *outlen = ret;
-    return 1;
+    *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
+    ret = constant_time_select_int(constant_time_msb(ret), ret, 1);
+    return ret;
  }
  
  static int check_padding_md(const EVP_MD *md, int padding)
author	Bernd Edlinger <bernd.edlinger@hotmail.de>
	Sun, 3 Mar 2019 09:36:57 +0000 (10:36 +0100)
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>
	Thu, 7 Mar 2019 21:59:48 +0000 (22:59 +0100)