Remove the blinding later to avoid leaking information on the length

of kinv. Pointed out and fix suggested by David Schrammel and Samuel Weiser ok jsing
author: tb <> 2019-06-04 18:10:11 +0000
committer: tb <> 2019-06-04 18:10:11 +0000
commit: a23b4d931c9340b198ce07c0b475a4757eb86a37 (patch)
tree: e74a3fd7792bfbeccd212dac69fdd3e68e135594
parent: 99fc3b7bf67460cf807d9a954574bf328e83047a (diff)
download: openbsd-a23b4d931c9340b198ce07c0b475a4757eb86a37.tar.gz
openbsd-a23b4d931c9340b198ce07c0b475a4757eb86a37.tar.bz2
openbsd-a23b4d931c9340b198ce07c0b475a4757eb86a37.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index fd56e8feee..50a73c0fa9 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.40 2018/11/06 07:02:33 tb Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.41 2019/06/04 18:10:11 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -165,9 +165,9 @@ dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                goto err;
        if (!BN_mod_add(s, &bxr, &bm, dsa->q, ctx))             /* s = bm + bxr */
                goto err;
-        if (!BN_mod_mul(s, s, &binv, dsa->q, ctx))              /* s = m + xr */
+        if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))       /* s = b(m + xr)k^-1 */
                goto err;
-        if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
+        if (!BN_mod_mul(s, s, &binv, dsa->q, ctx))      /* s = (m + xr)k^-1 */
                goto err;
        /*
author	tb <>	2019-06-04 18:10:11 +0000
committer	tb <>	2019-06-04 18:10:11 +0000
commit	a23b4d931c9340b198ce07c0b475a4757eb86a37 (patch)
tree	e74a3fd7792bfbeccd212dac69fdd3e68e135594
parent	99fc3b7bf67460cf807d9a954574bf328e83047a (diff)
download	openbsd-a23b4d931c9340b198ce07c0b475a4757eb86a37.tar.gz openbsd-a23b4d931c9340b198ce07c0b475a4757eb86a37.tar.bz2 openbsd-a23b4d931c9340b198ce07c0b475a4757eb86a37.zip

diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index fd56e8feee..50a73c0fa9 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dsa_ossl.c,v 1.40 2018/11/06 07:02:33 tb Exp $ */	1	/* $OpenBSD: dsa_ossl.c,v 1.41 2019/06/04 18:10:11 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -165,9 +165,9 @@ dsa_do_sign(const unsigned char dgst, int dlen, DSA dsa)
165	goto err;	165	goto err;
166	if (!BN_mod_add(s, &bxr, &bm, dsa->q, ctx)) /* s = bm + bxr */	166	if (!BN_mod_add(s, &bxr, &bm, dsa->q, ctx)) /* s = bm + bxr */
167	goto err;	167	goto err;
168	if (!BN_mod_mul(s, s, &binv, dsa->q, ctx)) /* s = m + xr */	168	if (!BN_mod_mul(s, s, kinv, dsa->q, ctx)) /* s = b(m + xr)k^-1 */
169	goto err;	169	goto err;
170	if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))	170	if (!BN_mod_mul(s, s, &binv, dsa->q, ctx)) /* s = (m + xr)k^-1 */
171	goto err;	171	goto err;
172		172
173	/*	173	/*