Skip to content

Commit

Permalink
RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both ge…
Browse files Browse the repository at this point in the history 
…t called with BN_FLG_CONSTTIME flag set.

Based on an original patch by Billy Brumley

CVE-2018-0737

Reviewed-by: Rich Salz <rsalz@openssl.org>
  • Loading branch information
@mattcaswell
mattcaswell committed Apr 16, 2018
1 parent b0a9793 commit 54f007a
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions crypto/rsa/rsa_gen.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
prime = pinfo->r;
}
BN_set_flags(prime, BN_FLG_CONSTTIME);

for (;;) {
redo:
Expand Down

0 comments on commit 54f007a

Please sign in to comment.