author | BoringSSL Robot <178796648329-compute@developer.gserviceaccount.com> | 2024-04-12 13:48:42 +0000 |
---|---|---|
committer | BoringSSL Robot <178796648329-compute@developer.gserviceaccount.com> | 2024-04-12 13:48:42 +0000 |
commit | c638ed8a1bc33c3f08113d9dcf165820764728a2 (patch) | |
tree | 1c71f6c6d115b555b9cb072910a3661d8ca00ed7 /src/crypto/fipsmodule/bn/exponentiation.c | |
parent | 8ed092b54604624002a054bf10c34357f71e7a66 (diff) | |
parent | 23824fa0fed94f4660ffafb15aaea8b317f2c8a6 (diff) | |
update chromium-stable-with-bazel from chromium-stable branchchromium-stable-with-bazel
Diffstat (limited to 'src/crypto/fipsmodule/bn/exponentiation.c')
-rw-r--r-- | src/crypto/fipsmodule/bn/exponentiation.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/crypto/fipsmodule/bn/exponentiation.c b/src/crypto/fipsmodule/bn/exponentiation.c
index 632771e..7b24d89 100644
--- a/src/crypto/fipsmodule/bn/exponentiation.c
+++ b/src/crypto/fipsmodule/bn/exponentiation.c
@@ -898,7 +898,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER);
 return 0;
 }
- if (a->neg || BN_ucmp(a, m) >= 0) {
+ // |a| is secret, but it is required to be in range, so these comparisons may
+ // be leaked.
+ if (a->neg || constant_time_declassify_int(BN_ucmp(a, m) >= 0)) {
 OPENSSL_PUT_ERROR(BN, BN_R_INPUT_NOT_REDUCED);
 return 0;
 } |
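Review bot: The new comment justifies leaking the outcome of the range check, but `constant_time_declassify_int` covers only the result of `BN_ucmp(a, m) >= 0`. The comparison still runs over the secret words of `a`, so the justification holds only if `BN_ucmp` is itself constant-time, which this hunk does not show. I would extend the comment to say so, for example `// Only the result is declassified; BN_ucmp must remain constant-time over |a|.` The `a->neg` test in the same condition is branched on without declassification; presumably the sign field is not marked secret by the constant-time tests, but that is worth confirming given the comment speaks of "these comparisons" in the plural. The body of BN_mod_exp_mont_consttime starts and ends outside the hunk.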