[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Tue Jan 16 16:54:33 UTC 2018
The branch OpenSSL_1_0_2-stable has been updated
via 8837a048ce7ff8d06acf81451d12e617b281444d (commit)
from da9ed72576a6b21a44df5eb913727838e99ff7c8 (commit)
- Log -----------------------------------------------------------------
commit 8837a048ce7ff8d06acf81451d12e617b281444d
Author: Matt Caswell <matt at openssl.org>
Date: Mon Jan 15 11:23:07 2018 +0000
Revert BN_copy() flag copy semantics change
Commit 9f9442918a changed the semantics of BN_copy() to additionally
copy the BN_FLG_CONSTTIME flag if it is set. This turns out to be
ill advised as it has unintended consequences. For example calling
BN_mod_inverse_no_branch() can sometimes return a result with the flag
set and sometimes not as a result. This can lead to later failures if we
go down code branches that do not support constant time, but check for
the presence of the flag.
The original commit was made due to an issue in BN_MOD_CTX_set(). The
original PR fixed the problem in that function, but it was changed in
review to fix it in BN_copy() instead. The solution seems to be to revert
the BN_copy() change and go back to the originally proposed way.
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/5080)
(cherry picked from commit 7d461736f7bd3af3c2f266f8541034ecf6f41ed9)
-----------------------------------------------------------------------
Summary of changes:
crypto/bn/bn_lib.c | 3 ---
crypto/bn/bn_mont.c | 2 ++
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index f9c65f9..10b78f5 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -524,9 +524,6 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
#endif
- if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0)
- BN_set_flags(a, BN_FLG_CONSTTIME);
-
a->top = b->top;
a->neg = b->neg;
bn_check_top(a);
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 3af9db8..94e7a8f 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -382,6 +382,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
R = &(mont->RR); /* grab RR as a temp */
if (!BN_copy(&(mont->N), mod))
goto err; /* Set N */
+ if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+ BN_set_flags(&(mont->N), BN_FLG_CONSTTIME);
mont->N.neg = 0;
#ifdef MONT_WORD
More information about the openssl-commits
mailing list