Add a constant time flag to one of the bignums to avoid a timing leak.
authorPauli <paul.dale@oracle.com>
Wed, 31 Oct 2018 22:44:11 +0000 (08:44 +1000)
committerPauli <paul.dale@oracle.com>
Thu, 1 Nov 2018 22:14:35 +0000 (08:14 +1000)
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7549)

(cherry picked from commit 00496b6423605391864fbbd1693f23631a1c5239)

crypto/dsa/dsa_ossl.c

index 2dd2d7489a2c68b7ac7cb9d0aca3cf65912ff0cf..7a0b0874c54e0ebb002c27b0c2704c579364bdf8 100644 (file)
@@ -223,6 +223,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
     } while (BN_is_zero(k));
 
     BN_set_flags(k, BN_FLG_CONSTTIME);
+    BN_set_flags(l, BN_FLG_CONSTTIME);
 
     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
         if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,