authortb <tb@openbsd.org>2019-06-04 18:10:11 +0000
committertb <tb@openbsd.org>2019-06-04 18:10:11 +0000
commit39378f3ca05f1ceb22bf495c59de61594ada6fa2 (patch)
tree42346c6422c957035f886b7cd16d1dd4615598ef
parentAdd missing NULL check for the protocol control block (pcb) pointer in (diff)
Remove the blinding later to avoid leaking information on the length
of kinv. Pointed out and fix suggested by David Schrammel and Samuel Weiser. ok jsing
-rw-r--r--lib/libcrypto/dsa/dsa_ossl.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/libcrypto/dsa/dsa_ossl.c b/lib/libcrypto/dsa/dsa_ossl.c
index fd56e8feeea..50a73c0fa9e 100644
--- a/lib/libcrypto/dsa/dsa_ossl.c
+++ b/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.40 2018/11/06 07:02:33 tb Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.41 2019/06/04 18:10:11 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -165,9 +165,9 @@ dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
goto err;
if (!BN_mod_add(s, &bxr, &bm, dsa->q, ctx)) /* s = bm + bxr */
goto err;
- if (!BN_mod_mul(s, s, &binv, dsa->q, ctx)) /* s = m + xr */
+ if (!BN_mod_mul(s, s, kinv, dsa->q, ctx)) /* s = b(m + xr)k^-1 */
goto err;
- if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
+ if (!BN_mod_mul(s, s, &binv, dsa->q, ctx)) /* s = (m + xr)k^-1 */
goto err;
/*