Clear BN_FLG_CONSTTIME on BN_CTX_get()

Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8253)
2019-02-08 12:42:25 +02:00 · 2019-02-08 12:42:25 +02:00 · c8147d37cc
commit c8147d37cc
parent fe16ae5f95
1 changed files with 3 additions and 1 deletions
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -227,6 +227,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx)
    }
    /* OK, make sure the returned bignum is "zero" */
    BN_zero(ret);
+    /* clear BN_FLG_CONSTTIME if leaked from previous frames */
+    ret->flags &= (~BN_FLG_CONSTTIME);
    ctx->used++;
    CTXDBG_RET(ctx, ret);
    return ret;