Disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior.

Improved patch from Cesar Pereida. See
https://github.com/libressl-portable/openbsd/pull/61 for more details.

ok beck@

1 files changed, 10 insertions, 10 deletions

diff --git a/lib/libcrypto/dsa/dsa_key.c b/lib/libcrypto/dsa/dsa_key.c
index eaf6da8de7a..4732c471eda 100644
--- a/lib/libcrypto/dsa/dsa_key.c
+++ b/lib/libcrypto/dsa/dsa_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_key.c,v 1.20 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: dsa_key.c,v 1.21 2016/06/21 04:16:53 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -104,18 +104,18 @@ dsa_builtin_keygen(DSA *dsa)
 		pub_key=dsa->pub_key;
 	
 	{
-		BIGNUM local_prk;
-		BIGNUM *prk;
+		BIGNUM *prk = BN_new();
 
-		if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-			BN_init(&local_prk);
-			prk = &local_prk;
-			BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-		} else
-			prk = priv_key;
+		if (prk == NULL)
+			goto err;
+
+		BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
 
-		if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx))
+		if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) {
+			BN_free(prk);
 			goto err;
+		}
+		BN_free(prk);
 	}
 
 	dsa->priv_key = priv_key;