RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set.

CVE-2018-0737 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787) Change-Id: I7ff51315e409dd39d6e0e9174d43d3221940bed2
author: Billy Brumley <bbrumley@gmail.com> 2018-04-11 10:10:58 +0300
committer: Dariusz Michaluk <d.michaluk@samsung.com> 2018-07-05 13:46:30 +0200
commit: 712dc5df9cfc3c91b80d1772cf698648f997b22e (patch)
tree: e20f40664e324e4f7c3973641fd419558467c4c2
parent: 6d0cfc576a5b26869c0bf427b2c4f44a3a51556e (diff)
download: openssl-712dc5df9cfc3c91b80d1772cf698648f997b22e.tar.gz
openssl-712dc5df9cfc3c91b80d1772cf698648f997b22e.tar.bz2
openssl-712dc5df9cfc3c91b80d1772cf698648f997b22e.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 9ca5dfe..42b89a8 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
     if (BN_copy(rsa->e, e_value) == NULL)
         goto err;
 
+    BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
+    BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
     BN_set_flags(r2, BN_FLG_CONSTTIME);
     /* generate p and q */
     for (;;) {
author	Billy Brumley <bbrumley@gmail.com>	2018-04-11 10:10:58 +0300
committer	Dariusz Michaluk <d.michaluk@samsung.com>	2018-07-05 13:46:30 +0200
commit	712dc5df9cfc3c91b80d1772cf698648f997b22e (patch)
tree	e20f40664e324e4f7c3973641fd419558467c4c2
parent	6d0cfc576a5b26869c0bf427b2c4f44a3a51556e (diff)
download	openssl-712dc5df9cfc3c91b80d1772cf698648f997b22e.tar.gz openssl-712dc5df9cfc3c91b80d1772cf698648f997b22e.tar.bz2 openssl-712dc5df9cfc3c91b80d1772cf698648f997b22e.zip