From: Nicola Tuveri <nic.tuv@gmail.com>
Date: Fri, 8 Feb 2019 10:42:25 +0000 (+0200)
Subject: Clear BN_FLG_CONSTTIME on BN_CTX_get()
X-Git-Tag: OpenSSL_1_1_1b~16
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e2e69dce151462e05acd00bd0e56fea56144d485;p=oweals%2Fopenssl.git

Clear BN_FLG_CONSTTIME on BN_CTX_get()

(cherry picked from commit c8147d37ccaaf28c430d3fb45a14af36597e48b8)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8253)
---

diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index 228c8537fa..54b799961a 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -227,6 +227,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx)
     }
     /* OK, make sure the returned bignum is "zero" */
     BN_zero(ret);
+    /* clear BN_FLG_CONSTTIME if leaked from previous frames */
+    ret->flags &= (~BN_FLG_CONSTTIME);
     ctx->used++;
     CTXDBG_RET(ctx, ret);
     return ret;