authorJack Lloyd <[email protected]>2018-06-17 11:02:32 -0400
committerJack Lloyd <[email protected]>2018-06-17 11:16:46 -0400
commitf8afec45c659c870a3930a8e1b9cf26d6f0760d5 (patch)
treeff14ed9be67c649ba1b08b787e7530ed096b4c5f /src/lib/pubkey/dsa
parentb434f6a7518b65fbe5eb1b8e042d2daf10d03671 (diff)
Avoid leaking size of exponent
See #1606 for discussion
Diffstat (limited to 'src/lib/pubkey/dsa')
-rw-r--r--src/lib/pubkey/dsa/dsa.cpp8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp
index 7142e4788..e43c14de2 100644
--- a/src/lib/pubkey/dsa/dsa.cpp
+++ b/src/lib/pubkey/dsa/dsa.cpp
@@ -42,14 +42,14 @@ DSA_PrivateKey::DSA_PrivateKey(RandomNumberGenerator& rng,
else
m_x = x_arg;
- m_y = m_group.power_g_p(m_x);
+ m_y = m_group.power_g_p(m_x, m_group.q_bits());
}
DSA_PrivateKey::DSA_PrivateKey(const AlgorithmIdentifier& alg_id,
const secure_vector<uint8_t>& key_bits) :
DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57)
{
- m_y = m_group.power_g_p(m_x);
+ m_y = m_group.power_g_p(m_x, m_group.q_bits());
}
/*
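Review bot: The `q_bits()` bound handed to `power_g_p` on the two new lines (the `m_y = m_group.power_g_p(m_x, m_group.q_bits());` lines in both constructors) is only sound when `m_x < q`, and nothing in this hunk establishes that: in the decoding constructor `m_x` comes from `key_bits`, and in the RNG constructor from `x_arg`, whose validation is outside the hunk. If the base `DL_Scheme_PrivateKey` does not already reject `x >= q`, an exponent wider than `q_bits()` would presumably not be fully consumed by the bounded exponentiation and the stored `m_y` would no longer correspond to `m_x`, which is a silent key-consistency failure rather than an error. Either add an explicit range check before the exponentiation or at least document the precondition, e.g. `// m_x < q is a precondition here: q_bits() caps the exponent length used by power_g_p`. The first constructor's body begins before this hunk, so the check may already exist there; worth confirming.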
@@ -111,7 +111,7 @@ DSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len,
{
const BigInt& q = m_group.get_q();
- BigInt m(msg, msg_len, q.bits());
+ BigInt m(msg, msg_len, m_group.q_bits());
while(m >= q)
m -= q;
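Review bot: The message truncation on the new line `BigInt m(msg, msg_len, m_group.q_bits());` deserves a comment tying it to the loop that follows, because the loop's iteration count depends on it. Assuming the three-argument constructor keeps only the leading `max_bits` bits, `m < 2^q_bits <= 2q`, so the loop body executes at most once and the `while` could equally be written `if(m >= q) m -= q;`. Suggested comment above the loop: `// m holds at most q_bits() bits, so m < 2q and a single conditional subtraction suffices`. Since `m` is derived from the public message rather than a secret, the data-dependent branch here is not a side-channel concern, which is worth stating so the loop is not mistaken for one in a commit about exponent-size leakage. raw_sign's body starts before and continues after this hunk.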
@@ -125,7 +125,7 @@ DSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len,
const BigInt k_inv = inverse_mod(k, q);
- const BigInt r = m_mod_q.reduce(m_group.power_g_p(k));
+ const BigInt r = m_mod_q.reduce(m_group.power_g_p(k, m_group.q_bits()));
/*
* Blind the input message and compute x*r+m as (x*r*b + m*b)/b