[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Matt Caswell
matt at openssl.org
Wed Sep 27 09:15:12 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via a8e047a819b8f8bf8699e0bbfc838e1f23e82051 (commit)
via d32bf5494098b4a4bca075640c4c96d2cee1b4f0 (commit)
from 64aa3d080ed66bd4e1829120312f5a840807c856 (commit)
- Log -----------------------------------------------------------------
commit a8e047a819b8f8bf8699e0bbfc838e1f23e82051
Author: Samuel Weiser <samuel.weiser at iaik.tugraz.at>
Date: Sat Sep 16 16:52:44 2017 +0200
BN_copy now propagates BN_FLG_CONSTTIME
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4377)
(cherry picked from commit 9f9442918aeaed5dc2442d81ab8d29fe3e1fb906)
commit d32bf5494098b4a4bca075640c4c96d2cee1b4f0
Author: Samuel Weiser <samuel.weiser at iaik.tugraz.at>
Date: Fri Sep 15 22:12:53 2017 +0200
Fixed error in propagating BN_FLG_CONSTTIME flag through BN_MONT_CTX_set, which could lead to information disclosure on RSA primes p and q.
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4377)
(cherry picked from commit 3de81a5912041a70884cf4e52e7213f3b5dfa747)
-----------------------------------------------------------------------
Summary of changes:
crypto/bn/bn_lib.c | 3 +++
crypto/bn/bn_mont.c | 3 +++
2 files changed, 6 insertions(+)
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index fd06d08..c2dff7d 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -406,6 +406,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
#endif
+ if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0)
+ BN_set_flags(a, BN_FLG_CONSTTIME);
+
a->top = b->top;
a->neg = b->neg;
bn_check_top(a);
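Review bot: The new `if` after the `memcpy` only ever sets BN_FLG_CONSTTIME on `a`. When `b` lacks the flag, whatever `a` carried before the copy stays in place, so the destination's flag is not always a faithful copy of the source's. That is the safe direction, but it should be stated: add a comment above the check and a line in the BN_copy documentation saying the flag is propagated from `b` and never cleared by the copy. The summary of changes lists only crypto/bn/bn_lib.c and crypto/bn/bn_mont.c, so nothing tests the new behaviour. A small test that copies a flagged BIGNUM and checks `BN_get_flags(a, BN_FLG_CONSTTIME)` on the result would keep a later refactor from dropping it silently.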
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 6d37279..faea468 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -270,6 +270,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
tmod.dmax = 2;
tmod.neg = 0;
+ if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+ BN_set_flags(&tmod, BN_FLG_CONSTTIME);
+
mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
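Review bot: The check placed before `mont->ri` is computed flags `tmod` only when `mod` already carries BN_FLG_CONSTTIME, so the protection the commit message describes for the RSA primes p and q still depends on every caller flagging the modulus before it calls BN_MONT_CTX_set. That precondition deserves a comment at this spot and a sentence in the function's documentation. Without a comment, setting a flag on a local temporary also looks like dead code that a later cleanup could remove, so please say in one line that operations on `tmod` must take the constant-time path when `mod` is secret. As with the BN_copy hunk, no test accompanies the change.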