Commit 54f007af authored by Matt Caswell's avatar Matt Caswell
Browse files

RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called... 


RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set.

Based on an original patch by Billy Brumley

CVE-2018-0737

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent b0a97931

crypto/rsa/rsa_gen.c

+1 −0
Original line number Diff line number Diff line
@@ -157,6 +157,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, 
            pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);

            prime = pinfo->r;

        }

        BN_set_flags(prime, BN_FLG_CONSTTIME);



        for (;;) {

 redo: