rsa/rsa_ossl.c: make RSAerr call in rsa_ossl_private_decrypt unconditional.

Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
author: Andy Polyakov <appro@openssl.org> 2018-09-14 12:17:43 +0200
committer: Matt Caswell <matt@openssl.org> 2018-11-30 13:32:25 +0100
commit: 89072e0c2a483f2ad678e723e112712567b0ceb1 (patch)
tree: 1ec191d35dd083b477cc8ad08549e8608f082e48 /crypto/rsa
parent: err/err.c: add err_clear_last_constant_time. (diff)
download: openssl-89072e0c2a483f2ad678e723e112712567b0ceb1.tar.xz
openssl-89072e0c2a483f2ad678e723e112712567b0ceb1.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
index 09762b7d33..465134257f 100644
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -10,6 +10,7 @@
 #include "internal/cryptlib.h"
 #include "internal/bn_int.h"
 #include "rsa_locl.h"
+#include "internal/constant_time_locl.h"
 
 static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
                                   unsigned char *to, RSA *rsa, int padding);
@@ -479,8 +480,8 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
         RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
         goto err;
     }
-    if (r < 0)
-        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+    RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+    err_clear_last_constant_time(r >= 0);
 
  err:
     if (ctx != NULL)
author	Andy Polyakov <appro@openssl.org>	2018-09-14 12:17:43 +0200
committer	Matt Caswell <matt@openssl.org>	2018-11-30 13:32:25 +0100
commit	89072e0c2a483f2ad678e723e112712567b0ceb1 (patch)
tree	1ec191d35dd083b477cc8ad08549e8608f082e48 /crypto/rsa
parent	err/err.c: add err_clear_last_constant_time. (diff)
download	openssl-89072e0c2a483f2ad678e723e112712567b0ceb1.tar.xz openssl-89072e0c2a483f2ad678e723e112712567b0ceb1.zip