[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Wed Sep 27 09:15:22 UTC 2017


The branch OpenSSL_1_0_2-stable has been updated
       via  8372efbd2fd093f4ea9178f95b918b08fd50771e (commit)
       via  a703f4473f1ce8f0080e420800eefb1fba9258ed (commit)
      from  ed0245e08fdf374cd6351a1ae8117d7382115a21 (commit)


- Log -----------------------------------------------------------------
commit 8372efbd2fd093f4ea9178f95b918b08fd50771e
Author: Samuel Weiser <samuel.weiser at iaik.tugraz.at>
Date:   Sat Sep 16 16:52:44 2017 +0200

    BN_copy now propagates BN_FLG_CONSTTIME
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4377)
    
    (cherry picked from commit 9f9442918aeaed5dc2442d81ab8d29fe3e1fb906)

commit a703f4473f1ce8f0080e420800eefb1fba9258ed
Author: Samuel Weiser <samuel.weiser at iaik.tugraz.at>
Date:   Fri Sep 15 22:12:53 2017 +0200

    Fixed error in propagating BN_FLG_CONSTTIME flag through BN_MONT_CTX_set, which could lead to information disclosure on RSA primes p and q.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4377)
    
    (cherry picked from commit 3de81a5912041a70884cf4e52e7213f3b5dfa747)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_lib.c  | 3 +++
 crypto/bn/bn_mont.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 10b78f5..f9c65f9 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -524,6 +524,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
     memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
 #endif
 
+    if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0)
+        BN_set_flags(a, BN_FLG_CONSTTIME);
+
     a->top = b->top;
     a->neg = b->neg;
     bn_check_top(a);
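Review bot: The new check in BN_copy only ever sets BN_FLG_CONSTTIME on `a` and never clears it, so after the copy `a` can carry the flag either because `b` had it or because `a` already had it, and nothing in the hunk documents that one-way behaviour. A short comment above the `if` would help, saying that the flag is inherited from the source so copies of secret values keep taking the constant-time paths, and that an existing flag on the destination is deliberately left in place. The summary of changes shows only the two source files touched, so a regression test that copies a flagged BIGNUM and asserts `BN_get_flags(a, BN_FLG_CONSTTIME) != 0` on the result would be worth adding alongside this.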
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index be95bd5..3af9db8 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -394,6 +394,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
         tmod.dmax = 2;
         tmod.neg = 0;
 
+        if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+            BN_set_flags(&tmod, BN_FLG_CONSTTIME);
+
         mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
 
 # if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
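Review bot: The propagation onto `tmod` in BN_MONT_CTX_set has no comment explaining why a stack temporary needs BN_FLG_CONSTTIME, which makes the three added lines easy to drop in a later refactor. Since the commit message ties the missing flag to information disclosure on the RSA primes p and q, state that next to the check, for example that `tmod` stands in for `mod` in the computation that follows and must select the same constant-time code paths. The same get-then-set pair now appears in both bn_lib.c and bn_mont.c; a small shared helper or macro for "inherit BN_FLG_CONSTTIME from the source" would keep the two sites consistent. It is also worth confirming that any other temporaries derived from `mod` in this function, outside the lines shown here, receive the flag as well.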

