Commit 15ab3217 authored by Samuel Weiser's avatar Samuel Weiser Committed by Rich Salz
Browse files

Added const-time flag to DSA key decoding to avoid potential leak of privkey 



Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4440)

(cherry picked from commit 6364475a)
parent 6787c60d

crypto/dsa/dsa_ameth.c

+1 −0
Original line number Diff line number Diff line
@@ -175,6 +175,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) 
        goto dsaerr;

    }



    BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);

    if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {

        DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);

        goto dsaerr;