rsa/rsa_eay.c: make RSAerr call in rsa_ossl_private_decrypt unconditional.

Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 89072e0c2a483f2ad678e723e112712567b0ceb1) (Merged from https://github.com/openssl/openssl/pull/7737)
author: Andy Polyakov <appro@openssl.org> 2018-11-30 21:07:18 +0100
committer: Matt Caswell <matt@openssl.org> 2018-12-06 11:18:35 +0000
commit: 3b776fd785efb1c0af4b28ad0b8036b23071904d (patch)
tree: 22685f0a258bfea63be3cc9323f6fbaec4b42232
parent: 8db50d6dafc67fbaa0380420fc1f74f977d16606 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 1155583d88..7f20fd6738 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -115,6 +115,7 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
 #include "bn_int.h"
+#include "constant_time_locl.h"
 
 #ifndef RSA_NULL
 
@@ -587,8 +588,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
         RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
         goto err;
     }
-    if (r < 0)
-        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+    RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+    err_clear_last_constant_time(r >= 0);
 
  err:
     if (ctx != NULL) {
author	Andy Polyakov <appro@openssl.org>	2018-11-30 21:07:18 +0100
committer	Matt Caswell <matt@openssl.org>	2018-12-06 11:18:35 +0000
commit	3b776fd785efb1c0af4b28ad0b8036b23071904d (patch)
tree	22685f0a258bfea63be3cc9323f6fbaec4b42232
parent	8db50d6dafc67fbaa0380420fc1f74f977d16606 (diff)