Disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior.

Improved patch from Cesar Pereida. See https://github.com/libressl-portable/openbsd/pull/61 for more details. ok beck@
author: bcook <> 2016-06-21 04:16:53 +0000
committer: bcook <> 2016-06-21 04:16:53 +0000
commit: b789abd90ce8dc508846bc7556ffad3b18c4cd06 (patch)
tree: dd6ba567d5976be5e4a37f408373dc7699d3b21c /src/lib/libcrypto/dsa/dsa_key.c
parent: d73dc1262008dfcbfe5d8b18f9d8808970caa9d5 (diff)
download: openbsd-b789abd90ce8dc508846bc7556ffad3b18c4cd06.tar.gz
openbsd-b789abd90ce8dc508846bc7556ffad3b18c4cd06.tar.bz2
openbsd-b789abd90ce8dc508846bc7556ffad3b18c4cd06.zip
1 files changed, 10 insertions, 10 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index eaf6da8de7..4732c471ed 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_key.c,v 1.20 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: dsa_key.c,v 1.21 2016/06/21 04:16:53 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -104,18 +104,18 @@ dsa_builtin_keygen(DSA *dsa)
                pub_key=dsa->pub_key;
        
        {
-                BIGNUM local_prk;
+                BIGNUM *prk = BN_new();
-                BIGNUM *prk;
-                if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+                if (prk == NULL)
-                        BN_init(&local_prk);
+                        goto err;
-                        prk = &local_prk;
-                        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+                BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-                } else
-                        prk = priv_key;
-                if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx))
+                if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) {
+                        BN_free(prk);
                        goto err;
+                }
+                BN_free(prk);
        }
        dsa->priv_key = priv_key;
author	bcook <>	2016-06-21 04:16:53 +0000
committer	bcook <>	2016-06-21 04:16:53 +0000
commit	b789abd90ce8dc508846bc7556ffad3b18c4cd06 (patch)
tree	dd6ba567d5976be5e4a37f408373dc7699d3b21c /src/lib/libcrypto/dsa/dsa_key.c
parent	d73dc1262008dfcbfe5d8b18f9d8808970caa9d5 (diff)
download	openbsd-b789abd90ce8dc508846bc7556ffad3b18c4cd06.tar.gz openbsd-b789abd90ce8dc508846bc7556ffad3b18c4cd06.tar.bz2 openbsd-b789abd90ce8dc508846bc7556ffad3b18c4cd06.zip

diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c index eaf6da8de7..4732c471ed 100644 --- a/src/lib/libcrypto/dsa/dsa_key.c +++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dsa_key.c,v 1.20 2014/10/18 17:20:40 jsing Exp $ */	1	/* $OpenBSD: dsa_key.c,v 1.21 2016/06/21 04:16:53 bcook Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -104,18 +104,18 @@ dsa_builtin_keygen(DSA *dsa)
104	pub_key=dsa->pub_key;	104	pub_key=dsa->pub_key;
105		105
106	{	106	{
107	BIGNUM local_prk;	107	BIGNUM *prk = BN_new();
108	BIGNUM *prk;
109		108
110	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {	109	if (prk == NULL)
111	BN_init(&local_prk);	110	goto err;
112	prk = &local_prk;	111
113	BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);	112	BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
114	} else
115	prk = priv_key;
116		113
117	if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx))	114	if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) {
		115	BN_free(prk);
118	goto err;	116	goto err;
		117	}
		118	BN_free(prk);
119	}	119	}
120		120
121	dsa->priv_key = priv_key;	121	dsa->priv_key = priv_key;