diff options
author | Samuel Weiser <samuel.weiser@iaik.tugraz.at> | 2017-09-29 13:29:25 +0200 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-09-29 13:52:05 -0400 |
commit | 15ab3217799db508dec4c78cbfd185129f8fdfec (patch) | |
tree | ed8d71a097c4398a3179aa4114e591c97820271c /crypto/dsa | |
parent | 6787c60df982fe7631c97ca91eff83b5efac017f (diff) |
Added const-time flag to DSA key decoding to avoid potential leak of privkey
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4440)
(cherry picked from commit 6364475a990449ef33fc270ac00472f7210220f2)
Diffstat (limited to 'crypto/dsa')
-rw-r--r-- | crypto/dsa/dsa_ameth.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 7c0428d3f6..fbb9121469 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -175,6 +175,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) goto dsaerr; } + BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME); if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR); goto dsaerr; |