diff options
| author | Tomas Mraz <tomas@openssl.org> | 2022-06-09 16:20:05 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2022-06-16 15:22:35 +0200 |
| commit | 6d702cebfce3ffd9d8c0cb2af80a987d3288e7a3 (patch) | |
| tree | ed3f3a084d21568c6b3853828e39ddaed21a60be /crypto/bn/rsaz_exp_x2.c | |
| parent | 0ae365e1f80648f4c52aa3ac9bbc279b6192b23e (diff) | |
Add an extra reduction step to RSAZ mod_exp implementations
Inspired by BoringSSL fix by David Benjamin.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18510)
Diffstat (limited to 'crypto/bn/rsaz_exp_x2.c')
| -rw-r--r-- | crypto/bn/rsaz_exp_x2.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/bn/rsaz_exp_x2.c b/crypto/bn/rsaz_exp_x2.c index 9969d45e40..6b04486e3f 100644 --- a/crypto/bn/rsaz_exp_x2.c +++ b/crypto/bn/rsaz_exp_x2.c @@ -257,6 +257,9 @@ int ossl_rsaz_mod_exp_avx512_x2(BN_ULONG *res1, from_words52(res1, factor_size, rr1_red); from_words52(res2, factor_size, rr2_red); + bn_reduce_once_in_place(res1, /*carry=*/0, m1, storage, factor_size); + bn_reduce_once_in_place(res2, /*carry=*/0, m2, storage, factor_size); + err: if (storage != NULL) { OPENSSL_cleanse(storage, storage_len_bytes); |