From 8372efbd2fd093f4ea9178f95b918b08fd50771e Mon Sep 17 00:00:00 2001
From: Samuel Weiser <samuel.weiser@iaik.tugraz.at>
Date: Sat, 16 Sep 2017 16:52:44 +0200
Subject: [PATCH] BN_copy now propagates BN_FLG_CONSTTIME

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4377)

(cherry picked from commit 9f9442918aeaed5dc2442d81ab8d29fe3e1fb906)
---
 crypto/bn/bn_lib.c  | 3 +++
 crypto/bn/bn_mont.c | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 10b78f5126..f9c65f9f94 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -524,6 +524,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
     memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
 #endif
 
+    if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0)
+        BN_set_flags(a, BN_FLG_CONSTTIME);
+
     a->top = b->top;
     a->neg = b->neg;
     bn_check_top(a);
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 94e7a8f841..3af9db870b 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -382,8 +382,6 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
     R = &(mont->RR);            /* grab RR as a temp */
     if (!BN_copy(&(mont->N), mod))
         goto err;               /* Set N */
-    if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
-        BN_set_flags(&(mont->N), BN_FLG_CONSTTIME);
     mont->N.neg = 0;
 
 #ifdef MONT_WORD
-- 
2.25.1