author | Bodo Möller <bodo@openssl.org> | 2007-03-28 00:15:28 +0000 |
committer | Bodo Möller <bodo@openssl.org> | 2007-03-28 00:15:28 +0000 |
commit | bd31fb21454609b125ade1ad569ebcc2a2b9b73c (patch) | |
tree | 812dbe6bff6096ca490e26dd48a6bc3fee51b320 /crypto/rsa/rsa_lib.c | |
parent | b506821d43f0b0114d91b74398f0ead4b51cc32b (diff) |
Change to mitigate branch prediction attacks
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
Diffstat (limited to 'crypto/rsa/rsa_lib.c')
-rw-r--r-- | crypto/rsa/rsa_lib.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index c4b5b4731d..dd09609743 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -361,7 +361,8 @@ err:
 BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
 	{
-	BIGNUM *e;
+	BIGNUM local_n;
+	BIGNUM *e,*n;
 	BN_CTX *ctx;
 	BN_BLINDING *ret = NULL;
@@ -400,7 +401,16 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
 		RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
 		}
-	ret = BN_BLINDING_create_param(NULL, e, rsa->n, ctx,
+	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+		{
+		/* Set BN_FLG_CONSTTIME flag */
+		n = &local_n;
+		BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
+		}
+	else
+		n = rsa->n;
+	ret = BN_BLINDING_create_param(NULL, e, n, ctx,
			rsa->meth->bn_mod_exp, rsa->_method_mod_n);
 	if (ret == NULL)
 		{
|
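Review bot: `local_n` is a shallow alias of `rsa->n` — `BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME)` copies the struct so `local_n` points at the same limb array — and the one-line `/* Set BN_FLG_CONSTTIME flag */` does not warn the next maintainer that it must never be `BN_free()`d, `BN_clear_free()`d, resized or kept past this call; I would replace that comment with `/* local_n is a shallow alias of rsa->n (shares its limbs): only valid for this call, never free or grow it */`. The mitigation also only covers the modulus handed to `BN_BLINDING_create_param` here; whether the CONSTTIME flag survives into the modulus the blinding object retains for its later updates depends on how `BN_BLINDING_create_param`/`BN_BLINDING_new` copies `n`, which is not visible in this hunk and should be confirmed, otherwise the constant-time path protects only the setup exponentiation. Note too that in the `RSA_FLAG_NO_CONSTTIME` branch `n` is the live `rsa->n` with no flag set, which is the intended opt-out but worth stating in the comment. The body of `RSA_setup_blinding` continues outside the hunk.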