authorJung-uk Kim <jkim@FreeBSD.org>2016-09-22 13:05:59 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2016-09-22 13:05:59 +0000
commit2c14c598c3061ac2533f997352aa06a2266f44d9 (patch)
tree470894a14935f308eeac93c6cbf6cf25632e1cb1 /crypto/dsa
parent47b11f985b9e0ff561a67e19674de6fbcf79281d (diff)
Notes
Notes: svn path=/vendor-crypto/openssl/dist-1.0.1/; revision=306191 svn path=/vendor-crypto/openssl/1.0.1u/; revision=306192; tag=vendor/openssl/1.0.1u
Diffstat (limited to 'crypto/dsa')
-rw-r--r--crypto/dsa/dsa_gen.c2
-rw-r--r--crypto/dsa/dsa_ossl.c7
2 files changed, 7 insertions, 2 deletions
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 34c6113c45e2..ba496b2d5f1d 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -195,7 +195,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
goto err;
if (!seed_len || !seed_in) {
- if (RAND_pseudo_bytes(seed, qsize) < 0)
+ if (RAND_bytes(seed, qsize) <= 0)
goto err;
seed_is_random = 1;
} else {
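Review bot: The new `RAND_bytes()` call has no comment saying why the seed must come from the cryptographically strong generator rather than the pseudo-random one, and a future "cleanup" could reintroduce `RAND_pseudo_bytes()`, whose 0 return for a non-strong output was previously accepted. I would add above the `if`: `/* seed is an input to parameter derivation: it must be unpredictable, so a weak or unseeded PRNG is a hard failure (RAND_bytes() <= 0 covers both 0 and -1 "not supported") */`. Whether `RAND_bytes()` pushes its own error onto the error stack on the `goto err` path is not visible here; if it does not, the `err:` label (outside this hunk) should report one so callers do not get a silent failure. dsa_builtin_paramgen begins and ends outside the hunk.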
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 9a3772e00dac..06cd2a2aed67 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -247,11 +247,13 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
do
if (!BN_rand_range(&k, dsa->q))
goto err;
- while (BN_is_zero(&k)) ;
+ while (BN_is_zero(&k));
+
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
BN_set_flags(&k, BN_FLG_CONSTTIME);
}
+
if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
CRYPTO_LOCK_DSA, dsa->p, ctx))
@@ -264,6 +266,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
if (!BN_copy(&kq, &k))
goto err;
+ BN_set_flags(&kq, BN_FLG_CONSTTIME);
+
/*
* We do not want timing information to leak the length of k, so we
* compute g^k using an equivalent exponent of fixed length. (This
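Review bot: The added `BN_set_flags(&kq, BN_FLG_CONSTTIME)` is the actual side-channel fix but carries no comment, so a reader will not see why the flag set on `k` a few lines earlier is not enough; the fix itself implies that `BN_copy()` does not carry flags across, so the copy was exponentiated on the non-constant-time path. I would add directly after the `BN_copy` check: `/* BN_copy() does not propagate flags: mark the copy const-time too, otherwise g^kq below takes the variable-time path and leaks k */`. The fixed-length-exponent construction (the `BN_add` steps after the comment) lies outside the hunk and is worth a quick check that nothing between here and the `DSA_BN_MOD_EXP` call replaces `kq` or clears the flag. dsa_sign_setup starts before and continues past this hunk.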
@@ -282,6 +286,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
} else {
K = &k;
}
+
DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
dsa->method_mont_p);
if (!BN_mod(r, r, dsa->q, ctx))
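Review bot: The `else` branch assigning `K = &k` is the caller-opted-out path (`DSA_FLAG_NO_EXP_CONSTTIME`, tested in the first hunk) and is not documented as such, so the two-line `if`/`else` reads like an arbitrary choice rather than a deliberate downgrade of side-channel protection. I would comment it: `/* caller set DSA_FLAG_NO_EXP_CONSTTIME: exponentiate with the raw k; per the comment above this path can leak k's bit length through timing */`. The claim about what is leaked is taken from the existing comment in the previous hunk, not from code visible here. dsa_sign_setup continues beyond this hunk.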