diff options
| author | appro <appro> | 2011-10-29 19:25:13 +0000 |
|---|---|---|
| committer | appro <appro> | 2011-10-29 19:25:13 +0000 |
| commit | 027e618bc097a9acbd30417bdcf0c94ef8b4f35c (patch) | |
| tree | f72111b03538f19b8a806aa503d8f89de529a12c | |
| parent | 1afaa1d8db1da891366eed64ca5e71f490b34060 (diff) | |
| download | openssl-027e618bc097a9acbd30417bdcf0c94ef8b4f35c.tar.gz | |
bn_exp.c: fix corner case in new constant-time code.
Submitted by: Emilia Kasper
| -rw-r--r-- | crypto/bn/bn_exp.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 5c492365f..8454d42f8 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -693,6 +693,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, BN_ULONG *np=mont->N.d, *n0=mont->n0; + /* BN_to_montgomery can contaminate words above .top + * [in BN_DEBUG[_DEBUG] build]... */ + for (i=am.top; i<top; i++) am.d[i]=0; + for (i=tmp.top; i<top; i++) tmp.d[i]=0; + bn_scatter5(tmp.d,top,powerbuf,0); bn_scatter5(am.d,am.top,powerbuf,1); bn_mul_mont(tmp.d,am.d,am.d,np,n0,top); |