summaryrefslogtreecommitdiffstats
path: root/crypto/rsa/rsa_lib.c
diff options
context:
space:
mode:
authorBodo Möller <bodo@openssl.org>2007-03-28 00:15:28 +0000
committerBodo Möller <bodo@openssl.org>2007-03-28 00:15:28 +0000
commitbd31fb21454609b125ade1ad569ebcc2a2b9b73c (patch)
tree812dbe6bff6096ca490e26dd48a6bc3fee51b320 /crypto/rsa/rsa_lib.c
parentb506821d43f0b0114d91b74398f0ead4b51cc32b (diff)
Change to mitigate branch prediction attacks
Submitted by: Matthew D Wood Reviewed by: Bodo Moeller
Diffstat (limited to 'crypto/rsa/rsa_lib.c')
-rw-r--r--crypto/rsa/rsa_lib.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index c4b5b4731d..dd09609743 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -361,7 +361,8 @@ err:
BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
{
- BIGNUM *e;
+ BIGNUM local_n;
+ BIGNUM *e,*n;
BN_CTX *ctx;
BN_BLINDING *ret = NULL;
@@ -400,7 +401,16 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
}
- ret = BN_BLINDING_create_param(NULL, e, rsa->n, ctx,
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+ {
+ /* Set BN_FLG_CONSTTIME flag */
+ n = &local_n;
+ BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
+ }
+ else
+ n = rsa->n;
+
+ ret = BN_BLINDING_create_param(NULL, e, n, ctx,
rsa->meth->bn_mod_exp, rsa->_method_mod_n);
if (ret == NULL)
{
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-31 23:11:21 +0000