Fixed error in propagating BN_FLG_CONSTTIME flag through BN_MONT_CTX_set, which could...
authorSamuel Weiser <samuel.weiser@iaik.tugraz.at>
Fri, 15 Sep 2017 20:12:53 +0000 (22:12 +0200)
committerMatt Caswell <matt@openssl.org>
Wed, 27 Sep 2017 09:12:19 +0000 (10:12 +0100)
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4377)

(cherry picked from commit 3de81a5912041a70884cf4e52e7213f3b5dfa747)

crypto/bn/bn_mont.c

index be95bd55d02064793ee505f171f42d0431294049..94e7a8f841c842e09d8d7e37c1b0f86031f40dfe 100644 (file)
@@ -382,6 +382,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
     R = &(mont->RR);            /* grab RR as a temp */
     if (!BN_copy(&(mont->N), mod))
         goto err;               /* Set N */
+    if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+        BN_set_flags(&(mont->N), BN_FLG_CONSTTIME);
     mont->N.neg = 0;
 
 #ifdef MONT_WORD
@@ -394,6 +396,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
         tmod.dmax = 2;
         tmod.neg = 0;
 
+        if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+            BN_set_flags(&tmod, BN_FLG_CONSTTIME);
+
         mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
 
 # if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)