libressl / openbsd

Source code pulled from OpenBSD for LibreSSL - this includes most of the library and supporting code. The place to contribute to this code is via the OpenBSD CVS tree. Please mail patches to tech@openbsd.org, instead of submitting pull requests, since this tree is often rebased.

DSA inversion fix, simplification and clean. #61

Closed cpereida closed 8 years ago

cpereida commented 8 years ago

The recent change in DSA introduced a bug: the inversion was performed in non-constant time. Additionally, the DSA flag DSA_FLAG_NO_EXP_CONSTTIME is not used, and therefore the code is simplified and cleaned.
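
An added illustration of the bug class described in the comment above, not code from LibreSSL or from this pull request: a toy C model comparing modular inversion by extended Euclid, whose iteration count depends on the secret nonce k, with Fermat inversion k^(q-2) mod q, whose multiplication count depends only on the public q. Fermat inversion is a stand-in chosen for the comparison, not the method BN_mod_inverse_no_branch uses; Q, inv_euclid and inv_fermat are hypothetical names, and the % operator used here is not itself constant-time on real hardware.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy parameter standing in for the DSA subgroup order q (prime). */
#define Q 2147483647ULL /* 2^31 - 1 */

/* Extended Euclid: the number of loop iterations depends on the secret k.
 * Returns 0 when k has no inverse (k == 0 mod q). */
static uint64_t inv_euclid(uint64_t k, uint64_t q, unsigned *steps)
{
    uint64_t r0 = q, r1 = k % q;
    int64_t t0 = 0, t1 = 1;
    *steps = 0;
    while (r1 != 0) {
        uint64_t quo = r0 / r1, r2 = r0 % r1;
        int64_t t2 = t0 - (int64_t)quo * t1;
        r0 = r1; r1 = r2;
        t0 = t1; t1 = t2;
        (*steps)++;
    }
    return (uint64_t)(t0 < 0 ? t0 + (int64_t)q : t0);
}

/* Fermat: k^(q-2) mod q. Every branch is on a bit of the public exponent,
 * so the multiplication count is the same for every k. */
static uint64_t inv_fermat(uint64_t k, uint64_t q, unsigned *mults)
{
    uint64_t e = q - 2, base = k % q, acc = 1;
    *mults = 0;
    for (; e != 0; e >>= 1) {
        if (e & 1) { acc = acc * base % q; (*mults)++; }
        base = base * base % q; (*mults)++;
    }
    return acc;
}

int main(void)
{
    const uint64_t ks[] = { 1, 2, 123456789, 2147483646 }; /* constructed nonces */
    for (size_t i = 0; i < sizeof ks / sizeof ks[0]; i++) {
        unsigned s, m;
        uint64_t a = inv_euclid(ks[i], Q, &s), b = inv_fermat(ks[i], Q, &m);
        printf("k=%llu euclid=%llu (%u steps) fermat=%llu (%u mults)\n",
               (unsigned long long)ks[i], (unsigned long long)a, s,
               (unsigned long long)b, m);
    }
    return 0;
}
```

The step count printed for Euclid changes with k, which is the kind of secret-dependent behaviour a timing side channel observes during DSA signing.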

bbbrumley commented 8 years ago

+1

I verified with gdb that both BN_mod_exp_mont_consttime and BN_mod_inverse_no_branch are getting called with this PR.

@Pereida Great work!

@tedu @bob-beck Please merge this because 136ed09d5042463d64478452fbfa48fe2b863517 is not optimal wrt side-channel security. Fixed the bigger bug but introduced a smaller one :\

busterb commented 8 years ago

Thanks, I sent this patch to tech@openbsd.org for review.

busterb commented 8 years ago

Thanks, applied: https://github.com/libressl-portable/openbsd/commit/d0caaeccbbf9777c50a741f0ba23a98af90321ab