[openssl] master update
Matt Caswell
matt at openssl.org
Thu Oct 31 11:09:39 UTC 2019
The branch master has been updated
via 305bf9c8668aff78e668131061f4eb088457be5f (commit)
from 8e8901e1e497d2a2bc0f56aa711f7462d88820f3 (commit)
- Log -----------------------------------------------------------------
commit 305bf9c8668aff78e668131061f4eb088457be5f
Author: Billy Brumley <bbrumley at gmail.com>
Date: Thu Oct 17 23:30:18 2019 +0300
[crypto/bn] fix a few small timing leaks in BN_lshift1 and BN_rshift1
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10209)
-----------------------------------------------------------------------
Summary of changes:
crypto/bn/bn_shift.c | 23 ++++++++++-------------
1 file changed, 10 insertions(+), 13 deletions(-)
diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c
index cdf66933e9..5481609d0f 100644
--- a/crypto/bn/bn_shift.c
+++ b/crypto/bn/bn_shift.c
@@ -34,12 +34,10 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
for (i = 0; i < a->top; i++) {
t = *(ap++);
*(rp++) = ((t << 1) | c) & BN_MASK2;
- c = (t & BN_TBIT) ? 1 : 0;
- }
- if (c) {
- *rp = 1;
- r->top++;
+ c = t >> (BN_BITS2 - 1);
}
+ *rp = c;
+ r->top += c;
bn_check_top(r);
return 1;
}
@@ -47,7 +45,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
int BN_rshift1(BIGNUM *r, const BIGNUM *a)
{
BN_ULONG *ap, *rp, t, c;
- int i, j;
+ int i;
bn_check_top(r);
bn_check_top(a);
@@ -58,23 +56,22 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a)
}
i = a->top;
ap = a->d;
- j = i - (ap[i - 1] == 1);
if (a != r) {
- if (bn_wexpand(r, j) == NULL)
+ if (bn_wexpand(r, i) == NULL)
return 0;
r->neg = a->neg;
}
rp = r->d;
+ r->top = i;
t = ap[--i];
- c = (t & 1) ? BN_TBIT : 0;
- if (t >>= 1)
- rp[i] = t;
+ rp[i] = t >> 1;
+ c = t << (BN_BITS2 - 1);
+ r->top -= (t == 1);
while (i > 0) {
t = ap[--i];
rp[i] = ((t >> 1) & BN_MASK2) | c;
- c = (t & 1) ? BN_TBIT : 0;
+ c = t << (BN_BITS2 - 1);
}
- r->top = j;
if (!r->top)
r->neg = 0; /* don't allow negative zero */
bn_check_top(r);
More information about the openssl-commits
mailing list