kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't rely on BN_FLG_CONSTTIME in the DSA code.

Browse Source 
DSA is deprecated, but get this aligned with some of the BN_FLG_CONSTTIME work
going on elsewhere.

Change-Id: I676ceab298a69362bef1b61d6f597c5c90da2ff0
Reviewed-on: https://boringssl-review.googlesource.com/8309
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2016-06-16 15:18:38 -04:00 committed by Adam Langley
parent 99c752ad52
commit aaa39e97f4
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
crypto/dsa/dsa.c
View File

@ -442,7 +442,10 @@ int DSA_generate_key(DSA *dsa) {
BN_init(&prk);
BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME);
if (!BN_mod_exp(pub_key, dsa->g, &prk, dsa->p, ctx)) {
if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, &dsa->method_mont_lock,
dsa->p, ctx) ||
!BN_mod_exp_mont_consttime(pub_key, dsa->g, &prk, dsa->p, ctx,
dsa->method_mont_p)) {
goto err;
}
@ -789,7 +792,7 @@ int DSA_size(const DSA *dsa) {
int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv,
BIGNUM **out_r) {
BN_CTX *ctx;
BIGNUM k, kq, qm2, *K, *kinv = NULL, *r = NULL;
BIGNUM k, kq, qm2, *kinv = NULL, *r = NULL;
int ret = 0;
if (!dsa->p || !dsa->q || !dsa->g) {
@ -851,9 +854,8 @@ int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv,
}
BN_set_flags(&kq, BN_FLG_CONSTTIME);
K = &kq;
if (!BN_mod_exp_mont(r, dsa->g, K, dsa->p, ctx, dsa->method_mont_p)) {
if (!BN_mod_exp_mont_consttime(r, dsa->g, &kq, dsa->p, ctx,
dsa->method_mont_p)) {
goto err;
}
if (!BN_mod(r, r, dsa->q, ctx)) {