Change to mitigate branch prediction attacks

Submitted by: Matthew D Wood Reviewed by: Bodo Moeller
author: Bodo Möller <bodo@openssl.org> 2007-03-28 00:15:28 +0000
committer: Bodo Möller <bodo@openssl.org> 2007-03-28 00:15:28 +0000
commit: bd31fb21454609b125ade1ad569ebcc2a2b9b73c (patch)
tree: 812dbe6bff6096ca490e26dd48a6bc3fee51b320 /crypto/bn/bn_blind.c
parent: b506821d43f0b0114d91b74398f0ead4b51cc32b (diff)
download: openssl-bd31fb21454609b125ade1ad569ebcc2a2b9b73c.zip
openssl-bd31fb21454609b125ade1ad569ebcc2a2b9b73c.tar.gz
openssl-bd31fb21454609b125ade1ad569ebcc2a2b9b73c.tar.bz2
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index ccecc63..e9b6173 100644
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -153,7 +153,12 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
 		{
 		if ((ret->Ai = BN_dup(Ai)) == NULL) goto err;
 		}
-	ret->mod = mod;
+
+	/* save a copy of mod in the BN_BLINDING structure */
+	if ((ret->mod = BN_dup(mod)) == NULL) goto err;
+	if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+		BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
+
 	ret->counter = BN_BLINDING_COUNTER;
 	return(ret);
 err:
@@ -169,6 +174,7 @@ void BN_BLINDING_free(BN_BLINDING *r)
 	if (r->A  != NULL) BN_free(r->A );
 	if (r->Ai != NULL) BN_free(r->Ai);
 	if (r->e  != NULL) BN_free(r->e );
+	if (r->mod != NULL) BN_free(r->mod); 
 	OPENSSL_free(r);
 	}
author	Bodo Möller <bodo@openssl.org>	2007-03-28 00:15:28 +0000
committer	Bodo Möller <bodo@openssl.org>	2007-03-28 00:15:28 +0000
commit	bd31fb21454609b125ade1ad569ebcc2a2b9b73c (patch)
tree	812dbe6bff6096ca490e26dd48a6bc3fee51b320 /crypto/bn/bn_blind.c
parent	b506821d43f0b0114d91b74398f0ead4b51cc32b (diff)
download	openssl-bd31fb21454609b125ade1ad569ebcc2a2b9b73c.zip openssl-bd31fb21454609b125ade1ad569ebcc2a2b9b73c.tar.gz openssl-bd31fb21454609b125ade1ad569ebcc2a2b9b73c.tar.bz2