mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

[crypto/bn] fix a few small timing leaks in BN_lshift1 and BN_rshift1

Browse Source 
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10209)
This commit is contained in:
Billy Brumley 2019-10-17 23:30:18 +03:00 committed by Matt Caswell
parent 8e8901e1e4
commit 305bf9c866
1 changed files with 10 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
crypto/bn/bn_shift.c
View File

@ -34,12 +34,10 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
for (i = 0; i < a->top; i++) {
t = *(ap++);
*(rp++) = ((t << 1) | c) & BN_MASK2;
c = (t & BN_TBIT) ? 1 : 0;
}
if (c) {
*rp = 1;
r->top++;
c = t >> (BN_BITS2 - 1);
}
*rp = c;
r->top += c;
bn_check_top(r);
return 1;
}
@ -47,7 +45,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
int BN_rshift1(BIGNUM *r, const BIGNUM *a)
{
BN_ULONG *ap, *rp, t, c;
int i, j;
int i;
bn_check_top(r);
bn_check_top(a);
@ -58,23 +56,22 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a)
}
i = a->top;
ap = a->d;
j = i - (ap[i - 1] == 1);
if (a != r) {
if (bn_wexpand(r, j) == NULL)
if (bn_wexpand(r, i) == NULL)
return 0;
r->neg = a->neg;
}
rp = r->d;
r->top = i;
t = ap[--i];
c = (t & 1) ? BN_TBIT : 0;
if (t >>= 1)
rp[i] = t;
rp[i] = t >> 1;
c = t << (BN_BITS2 - 1);
r->top -= (t == 1);
while (i > 0) {
t = ap[--i];
rp[i] = ((t >> 1) & BN_MASK2) | c;
c = (t & 1) ? BN_TBIT : 0;
c = t << (BN_BITS2 - 1);
}
r->top = j;
if (!r->top)
r->neg = 0; /* don't allow negative zero */
bn_check_top(r);