[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Wed Sep 27 09:15:01 UTC 2017 

The branch master has been updated
       via  9f9442918aeaed5dc2442d81ab8d29fe3e1fb906 (commit)
       via  3de81a5912041a70884cf4e52e7213f3b5dfa747 (commit)
      from  7966101e20abdcf1da4815dc41e47f52cce02f0f (commit)


- Log -----------------------------------------------------------------
commit 9f9442918aeaed5dc2442d81ab8d29fe3e1fb906
Author: Samuel Weiser <samuel.weiser at iaik.tugraz.at>
Date:   Sat Sep 16 16:52:44 2017 +0200

    BN_copy now propagates BN_FLG_CONSTTIME
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4377)

commit 3de81a5912041a70884cf4e52e7213f3b5dfa747
Author: Samuel Weiser <samuel.weiser at iaik.tugraz.at>
Date:   Fri Sep 15 22:12:53 2017 +0200

    Fixed error in propagating BN_FLG_CONSTTIME flag through BN_MONT_CTX_set, which could lead to information disclosure on RSA primes p and q.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4377)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_lib.c  | 3 +++
 crypto/bn/bn_mont.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 9917923..f0a3bf1 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -332,6 +332,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
     if (b->top > 0)
         memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
 
+    if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0)
+        BN_set_flags(a, BN_FLG_CONSTTIME);
+
     a->top = b->top;
     a->neg = b->neg;
     bn_check_top(a);
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 9dad113..9756894 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -270,6 +270,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
         tmod.dmax = 2;
         tmod.neg = 0;
 
+        if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+            BN_set_flags(&tmod, BN_FLG_CONSTTIME);
+
         mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
 
 # if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)

More information about the openssl-commits mailing list