authortb <>2019-06-04 18:10:11 +0000
committertb <>2019-06-04 18:10:11 +0000
commita23b4d931c9340b198ce07c0b475a4757eb86a37 (patch)
treee74a3fd7792bfbeccd212dac69fdd3e68e135594 /src/lib/libcrypto/dsa
parent99fc3b7bf67460cf807d9a954574bf328e83047a (diff)
Remove the blinding later to avoid leaking information on the length
of kinv. Pointed out and fix suggested by David Schrammel and Samuel Weiser ok jsing
Diffstat (limited to 'src/lib/libcrypto/dsa')
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c6
1 files changed, 3 insertions, 3 deletions
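--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.40 2018/11/06 07:02:33 tb Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.41 2019/06/04 18:10:11 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -165,9 +165,9 @@ dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 		goto err;
 	if (!BN_mod_add(s, &bxr, &bm, dsa->q, ctx)) /* s = bm + bxr */
 		goto err;
-	if (!BN_mod_mul(s, s, &binv, dsa->q, ctx)) /* s = m + xr */
+	if (!BN_mod_mul(s, s, kinv, dsa->q, ctx)) /* s = b(m + xr)k^-1 */
 		goto err;
-	if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
+	if (!BN_mod_mul(s, s, &binv, dsa->q, ctx)) /* s = (m + xr)k^-1 */
 		goto err;
 
 	/*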
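Review bot: The order of the two BN_mod_mul calls at lines 168 and 170 is now security-relevant — per the commit message the unblinding by binv must come last so that no intermediate's length depends on kinv — but nothing in the code says so, and a later cleanup could swap them back without tripping any test. I would put a why-comment above line 168, e.g. `/* Multiply by kinv while s is still blinded by b; unblinding first would let the length of the intermediate leak information about kinv. */`. The new trailing comments `/* s = b(m + xr)k^-1 */` and `/* s = (m + xr)k^-1 */` document the algebra correctly but not the reason for the ordering. dsa_do_sign starts before and continues after this hunk, so where kinv and binv are derived (and whether kinv is marked constant-time) is not visible here and should be confirmed separately.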