path: root/lib/libcrypto/rsa/rsa_chk.c
author: beck <beck@openbsd.org> 2017-01-25 06:15:44 +0000
committer: beck <beck@openbsd.org> 2017-01-25 06:15:44 +0000
commit: 572569cdeff0b4a01ff260c18e8a17b78f944df8 (patch)
tree: 94c5c54c0b377f9e9b0fe7e19634051b23668074 /lib/libcrypto/rsa/rsa_chk.c
parent: Provide ssl3_packet_read() and ssl3_packet_extend() functions that improve (diff)
Construct a BN_gcd_nonct, based on BN_mod_inverse_no_branch, as suggested
by Alejandro Cabrera <aldaya@gmail.com> to avoid the possibility of a side-channel timing attack during RSA private key generation. Modify BN_gcd to become not visible under LIBRESSL_INTERNAL and force the use of the _ct or _nonct versions of the function only within the library. ok jsing@
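The property the commit is after, shown as an added example that is not code from libcrypto or from this commit: a GCD whose loop count and branch pattern do not depend on its operands, next to a textbook Euclid whose iteration count does. BN_gcd_ct in libcrypto is implemented differently (the commit message says it derives from BN_mod_inverse_no_branch); the 64-bit binary GCD below is only an independent illustration of the idea. The `rsa_private_consistent` helper is also an assumption of this example: it restates, on toy-sized integers, the relation d*e == 1 (mod lcm(p-1, q-1)) that the unchanged part of RSA_check_key (not visible in this hunk) verifies right after the gcd call, with i = p-1 and j = q-1.

```c
/*
 * Added example, not libcrypto code: a constant-time binary (Stein) GCD on
 * 64-bit operands. The loop always runs 128 passes and picks values with
 * masks instead of branching on the operands, so its timing does not
 * depend on p-1 and q-1 the way euclid_gcd() below does.
 */
#include <stdint.h>
#include <stdio.h>

/* All-ones if x == 0, zero otherwise, with no data-dependent branch. */
static uint64_t
ct_zero_mask(uint64_t x)
{
	return (uint64_t)0 - ((((x | (0 - x)) >> 63) ^ 1) & 1);
}

/* All-ones if a >= b (no borrow out of a - b), zero otherwise. */
static uint64_t
ct_ge_mask(uint64_t a, uint64_t b)
{
	uint64_t d = a - b;
	uint64_t borrow = ((~a & b) | (~(a ^ b) & d)) >> 63;

	return ~((uint64_t)0 - borrow);
}

/* Returns x if mask is all-ones, y if mask is zero. */
static uint64_t
ct_select(uint64_t mask, uint64_t x, uint64_t y)
{
	return (x & mask) | (y & ~mask);
}

/* Constant-time GCD: fixed pass count, no operand-dependent branches. */
uint64_t
ct_gcd(uint64_t a, uint64_t b)
{
	uint64_t k = 0, g;
	int i;

	/*
	 * Each pass removes at least one bit from (a, b) until one operand
	 * is 0, so 2 * 64 passes always suffice; extra passes are no-ops.
	 */
	for (i = 0; i < 128; i++) {
		uint64_t a_even = 0 - ((a & 1) ^ 1);
		uint64_t b_even = 0 - ((b & 1) ^ 1);
		uint64_t both_odd = 0 - (a & b & 1);
		uint64_t a_ge_b = ct_ge_mask(a, b);
		/* Both odd: replace the larger by half the (even) difference. */
		uint64_t sub_a = ct_select(a_ge_b, (a - b) >> 1, a);
		uint64_t sub_b = ct_select(a_ge_b, b, (b - a) >> 1);
		uint64_t na = ct_select(both_odd, sub_a, a);
		uint64_t nb = ct_select(both_odd, sub_b, b);

		/* A shared factor of 2 is counted in k and restored at the end. */
		k += (a_even & b_even) & 1;
		a = ct_select(a_even, a >> 1, na);
		b = ct_select(b_even, b >> 1, nb);
	}
	/* One operand is now 0 and the other holds gcd / 2^k. For the
	 * all-zero input k exceeds the shift width, so force it to 0. */
	g = a | b;
	k = ct_select(ct_zero_mask(g), 0, k);
	return g << k;
}

/* Textbook Euclid for comparison; its step count depends on the operands. */
uint64_t
euclid_gcd(uint64_t a, uint64_t b, unsigned *steps)
{
	unsigned n = 0;

	while (b != 0) {
		uint64_t t = a % b;
		a = b;
		b = t;
		n++;
	}
	if (steps != NULL)
		*steps = n;
	return a;
}

/* Toy-sized version of the d*e == 1 (mod lcm(p-1, q-1)) check (assumed
 * from rsa_chk.c; the real check runs on BIGNUMs). */
int
rsa_private_consistent(uint64_t p, uint64_t q, uint64_t e, uint64_t d)
{
	uint64_t i = p - 1, j = q - 1;
	uint64_t m = ct_gcd(i, j);
	uint64_t lcm = (i / m) * j;
	unsigned __int128 de = (unsigned __int128)d * e;	/* gcc/clang extension */

	return (uint64_t)(de % lcm) == 1;
}

int
main(void)
{
	unsigned steps;
	uint64_t g = euclid_gcd(60, 52, &steps);

	/* Constructed toy key: p=61, q=53, e=17, d=413 (inverse of e mod 780). */
	printf("euclid gcd(60,52)=%llu in %u steps; ct_gcd=%llu\n",
	    (unsigned long long)g, steps, (unsigned long long)ct_gcd(60, 52));
	printf("toy key consistent: %d\n", rsa_private_consistent(61, 53, 17, 413));
	return 0;
}
```

The point to take from `ct_gcd` is not its speed (it is far slower than Euclid on small inputs) but that nothing in its control flow or memory access pattern changes with the operands; `euclid_gcd` reports its step count so the operand dependence the commit removes from key generation is visible directly.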
Diffstat (limited to 'lib/libcrypto/rsa/rsa_chk.c')
-rw-r--r-- lib/libcrypto/rsa/rsa_chk.c | 4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libcrypto/rsa/rsa_chk.c b/lib/libcrypto/rsa/rsa_chk.c
index 91616d17cbe..dd9104f3043 100644
--- a/lib/libcrypto/rsa/rsa_chk.c
+++ b/lib/libcrypto/rsa/rsa_chk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_chk.c,v 1.11 2017/01/21 11:00:47 beck Exp $ */
+/* $OpenBSD: rsa_chk.c,v 1.12 2017/01/25 06:15:44 beck Exp $ */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
@@ -129,7 +129,7 @@ RSA_check_key(const RSA *key)
ret = -1;
goto err;
}
- r = BN_gcd(m, i, j, ctx);
+ r = BN_gcd_ct(m, i, j, ctx);
if (!r) {
ret = -1;
goto err;
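Review bot: the unchanged `if (!r)` after the new `r = BN_gcd_ct(m, i, j, ctx);` relies on BN_gcd_ct keeping BN_gcd's return convention (0 on failure, nonzero on success); please confirm the _ct variant returns int the same way, since the commit message says it was constructed from BN_mod_inverse_no_branch rather than from BN_gcd. The hunk also adds no include: with BN_gcd being hidden behind LIBRESSL_INTERNAL and the _ct/_nonct names restricted to library-internal use, check that the headers rsa_chk.c already pulls in declare BN_gcd_ct, or the call will fall back to an implicit declaration. The substitution itself is the right one for this call site, since m, i and j here derive from the private primes.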