bn_exp.c: fix corner case in new constant-time code.

author Andy Polyakov <appro@openssl.org>

Sat, 29 Oct 2011 19:25:13 +0000 (19:25 +0000)

committer Andy Polyakov <appro@openssl.org>

Sat, 29 Oct 2011 19:25:13 +0000 (19:25 +0000)
author Andy Polyakov <appro@openssl.org>
Sat, 29 Oct 2011 19:25:13 +0000 (19:25 +0000)
committer Andy Polyakov <appro@openssl.org>
Sat, 29 Oct 2011 19:25:13 +0000 (19:25 +0000)
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c

index 5c492365f3172b1faa94a1473e0781f3dbc61667..8454d42f84609d64025687697f23cf2e149f61a7 100644 (file)
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -693,6 +693,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
  
         BN_ULONG *np=mont->N.d, *n0=mont->n0;
  
+       /* BN_to_montgomery can contaminate words above .top
+        * [in BN_DEBUG[_DEBUG] build]... */
+       for (i=am.top; i<top; i++)      am.d[i]=0;
+       for (i=tmp.top; i<top; i++)     tmp.d[i]=0;
+
         bn_scatter5(tmp.d,top,powerbuf,0);
         bn_scatter5(am.d,am.top,powerbuf,1);
         bn_mul_mont(tmp.d,am.d,am.d,np,n0,top);
author	Andy Polyakov <appro@openssl.org>
	Sat, 29 Oct 2011 19:25:13 +0000 (19:25 +0000)
committer	Andy Polyakov <appro@openssl.org>
	Sat, 29 Oct 2011 19:25:13 +0000 (19:25 +0000)