Fix a SCA leak in BN_generate_dsa_nonce (9e1403d9) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

crypto/bn/bn_rand.c

+1 −4

Original line number	Diff line number	Diff line
		@@ -225,8 +225,7 @@ int BN_generate_dsa_nonce(BIGNUM out, const BIGNUM range,
		goto err;

		/* We copy \|priv\| into a local buffer to avoid exposing its length. */
		todo = sizeof(priv->d[0]) * priv->top;
		if (todo > sizeof(private_bytes)) {
		if (BN_bn2binpad(priv, private_bytes, sizeof(private_bytes)) < 0) {
		/*
		* No reasonable DSA or ECDSA key should have a private key this
		* large and we don't handle this case in order to avoid leaking the
		@@ -235,8 +234,6 @@ int BN_generate_dsa_nonce(BIGNUM out, const BIGNUM range,
		BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE);
		goto err;
		}
		memcpy(private_bytes, priv->d, todo);
		memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);

		for (done = 0; done < num_k_bytes;) {
		if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1)