rsa/rsa_ossl.c: make RSAerr call in rsa_ossl_private_decrypt unconditional.

author Andy Polyakov <appro@openssl.org>

Fri, 14 Sep 2018 10:17:43 +0000 (12:17 +0200)

committer Richard Levitte <levitte@openssl.org>

Sat, 8 Dec 2018 11:56:37 +0000 (12:56 +0100)
author Andy Polyakov <appro@openssl.org>
Fri, 14 Sep 2018 10:17:43 +0000 (12:17 +0200)
committer Richard Levitte <levitte@openssl.org>
Sat, 8 Dec 2018 11:56:37 +0000 (12:56 +0100)
diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c

index a485c7ef47f7a1fa2dd92022eaade1c6ee2e7a2b..ed77fadcba58617aaa853f61fb2b13cef6a8053f 100644 (file)
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -10,6 +10,7 @@
  #include "internal/cryptlib.h"
  #include "internal/bn_int.h"
  #include "rsa_locl.h"
+#include "internal/constant_time_locl.h"
  
  static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
                                    unsigned char *to, RSA *rsa, int padding);
@@ -470,8 +471,8 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
          RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
          goto err;
      }
-    if (r < 0)
-        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+    RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+    err_clear_last_constant_time(r >= 0);
  
   err:
      if (ctx != NULL)
author	Andy Polyakov <appro@openssl.org>
	Fri, 14 Sep 2018 10:17:43 +0000 (12:17 +0200)
committer	Richard Levitte <levitte@openssl.org>
	Sat, 8 Dec 2018 11:56:37 +0000 (12:56 +0100)