Elliptic curve scalar multiplication with timing attack defenses
[openssl.git] / crypto / bn / bn_lib.c
index 57fe45288bbabb3dfb565e42962ea3507d641a7a..a446880ec727228a3a44986b9cad73e3d4600b61 100644 (file)
@@ -739,6 +739,19 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
     a->top ^= t;
     b->top ^= t;
 
+    t = (a->neg ^ b->neg) & condition;
+    a->neg ^= t;
+    b->neg ^= t;
+
+    /*
+     * cannot just arbitrarily swap flags.
+     * The way a->d is allocated etc.
+     * BN_FLG_MALLOCED, BN_FLG_STATIC_DATA, ...
+     */
+    t = (a->flags ^ b->flags) & condition & BN_FLG_CONSTTIME;
+    a->flags ^= t;
+    b->flags ^= t;
+
 #define BN_CONSTTIME_SWAP(ind) \
         do { \
                 t = (a->d[ind] ^ b->d[ind]) & condition; \
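Review bot: The comment added above the flags swap says which flags are not exchanged but not why, and the why is the part a maintainer needs: BN_consttime_swap exchanges the word contents of a->d and b->d rather than the d pointers, so storage-ownership flags such as BN_FLG_MALLOCED and BN_FLG_STATIC_DATA describe memory that stays with each struct and must not move, whereas BN_FLG_CONSTTIME describes the value and must follow it. I would replace that comment with `/* Only BN_FLG_CONSTTIME follows the value: storage flags (BN_FLG_MALLOCED, BN_FLG_STATIC_DATA) describe a->d / b->d, whose pointers are not exchanged here, only their contents. */`. With neg now swapped as well the function is no longer a magnitude-only swap, so if the header comment or documentation for BN_consttime_swap describes it as swapping only the words, that text presumably needs the same update. The function's entry, including the conversion of condition into a mask that the new lines rely on, lies before the hunk.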