Clear BN_FLG_CONSTTIME on BN_CTX_get()

(cherry picked from commit c8147d37ccaaf28c430d3fb45a14af36597e48b8) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8294)
author: Nicola Tuveri <nic.tuv@gmail.com> 2019-02-08 12:42:25 +0200
committer: Nicola Tuveri <nic.tuv@gmail.com> 2019-02-21 22:03:09 +0200
commit: f499873c2ff5a6da5f1a23c099730f97c822e90c (patch)
tree: 13c400cc1b9882c0f323ad137396c00ea23a6109
parent: c4e901dbdb217a78fcca75478dd8cf3720f6219c (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index 68c0468743..51db38b455 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -227,6 +227,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx)
     }
     /* OK, make sure the returned bignum is "zero" */
     BN_zero(ret);
+    /* clear BN_FLG_CONSTTIME if leaked from previous frames */
+    ret->flags &= (~BN_FLG_CONSTTIME);
     ctx->used++;
     CTXDBG_RET(ctx, ret);
     return ret;
author	Nicola Tuveri <nic.tuv@gmail.com>	2019-02-08 12:42:25 +0200
committer	Nicola Tuveri <nic.tuv@gmail.com>	2019-02-21 22:03:09 +0200
commit	f499873c2ff5a6da5f1a23c099730f97c822e90c (patch)
tree	13c400cc1b9882c0f323ad137396c00ea23a6109
parent	c4e901dbdb217a78fcca75478dd8cf3720f6219c (diff)