Set flags to 0 before calling BN_with_flags()

BN_with_flags() will read the dest->flags to keep the BN_FLG_MALLOCED but overwrites everything else. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> MR #1231 (cherry picked from commit f92768e6f5259069bd21dbed2b98b3423c1dfca4)
author: Pascal Cuoq <cuoq@trust-in-soft.com> 2015-05-06 11:31:27 +0200
committer: Kurt Roeckx <kurt@roeckx.be> 2015-10-07 20:36:34 +0200
commit: 6481be7346baea1ce0dcfe0a1ff28b0f44e9ce31 (patch)
tree: 27a2d82d77d3b94c905fb6e97d615f839e10274d /crypto/bn
parent: cba874539596a3f6563c4b462793a99965bcf1e1 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index 97c55ab720..ce59fe701f 100644
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -583,6 +583,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
          * BN_div_no_branch will be called eventually.
          */
         pB = &local_B;
+        local_B.flags = 0;
         BN_with_flags(pB, B, BN_FLG_CONSTTIME);
         if (!BN_nnmod(B, pB, A, ctx))
             goto err;
@@ -610,6 +611,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
          * BN_div_no_branch will be called eventually.
          */
         pA = &local_A;
+        local_A.flags = 0;
         BN_with_flags(pA, A, BN_FLG_CONSTTIME);
 
         /* (D, M) := (A/B, A%B) ... */
author	Pascal Cuoq <cuoq@trust-in-soft.com>	2015-05-06 11:31:27 +0200
committer	Kurt Roeckx <kurt@roeckx.be>	2015-10-07 20:36:34 +0200
commit	6481be7346baea1ce0dcfe0a1ff28b0f44e9ce31 (patch)
tree	27a2d82d77d3b94c905fb6e97d615f839e10274d /crypto/bn
parent	cba874539596a3f6563c4b462793a99965bcf1e1 (diff)