Added const-time flag to DSA key decoding to avoid potential leak of privkey

author Samuel Weiser <samuel.weiser@iaik.tugraz.at>

Fri, 29 Sep 2017 11:29:25 +0000 (13:29 +0200)

committer Rich Salz <rsalz@openssl.org>

Fri, 29 Sep 2017 17:52:18 +0000 (13:52 -0400)
author Samuel Weiser <samuel.weiser@iaik.tugraz.at>
Fri, 29 Sep 2017 11:29:25 +0000 (13:29 +0200)
committer Rich Salz <rsalz@openssl.org>
Fri, 29 Sep 2017 17:52:18 +0000 (13:52 -0400)
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c

index c4fa105747feb77d1280a363a4ae183b39b33a7a..aac253095141a3917a43cb0c9103ed5346b389d0 100644 (file)
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -258,6 +258,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
          goto dsaerr;
      }
  
+    BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
      if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
          DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
          goto dsaerr;
author	Samuel Weiser <samuel.weiser@iaik.tugraz.at>
	Fri, 29 Sep 2017 11:29:25 +0000 (13:29 +0200)
committer	Rich Salz <rsalz@openssl.org>
	Fri, 29 Sep 2017 17:52:18 +0000 (13:52 -0400)