]> granicus.if.org Git - openssl/commitdiff
[crypto/rsa] Set the constant-time flag in multi-prime RSA too
authorCesar Pereida Garcia <cesar.pereidagarcia@tut.fi>
Fri, 6 Sep 2019 07:48:00 +0000 (10:48 +0300)
committerMatt Caswell <matt@openssl.org>
Fri, 6 Sep 2019 15:11:27 +0000 (16:11 +0100)
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9779)

crypto/rsa/rsa_lib.c

index e7fdbc2aabe839a98a317f3656cad664e6cdffcc..c6e570089fd1b722bf964f67f4d6eda241172dc6 100644 (file)
@@ -409,12 +409,15 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
         if (pinfo == NULL)
             goto err;
         if (primes[i] != NULL && exps[i] != NULL && coeffs[i] != NULL) {
-            BN_free(pinfo->r);
-            BN_free(pinfo->d);
-            BN_free(pinfo->t);
+            BN_clear_free(pinfo->r);
+            BN_clear_free(pinfo->d);
+            BN_clear_free(pinfo->t);
             pinfo->r = primes[i];
             pinfo->d = exps[i];
             pinfo->t = coeffs[i];
+            BN_set_flags(pinfo->r, BN_FLG_CONSTTIME);
+            BN_set_flags(pinfo->d, BN_FLG_CONSTTIME);
+            BN_set_flags(pinfo->t, BN_FLG_CONSTTIME);
         } else {
             rsa_multip_info_free(pinfo);
             goto err;