Clear BN_FLG_CONSTTIME on BN_CTX_get()

(cherry picked from commit c8147d3) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #8253)
openssl · Feb 20, 2019 · e2e69dc · e2e69dc
1 parent 3c97136
commit e2e69dc
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -227,6 +227,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx)
     }
     /* OK, make sure the returned bignum is "zero" */
     BN_zero(ret);
+    /* clear BN_FLG_CONSTTIME if leaked from previous frames */
+    ret->flags &= (~BN_FLG_CONSTTIME);
     ctx->used++;
     CTXDBG_RET(ctx, ret);
     return ret;