Make ossl_gen_deterministic_nonce_rfc6979() constant time

Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24265)
author: Tomas Mraz <tomas@openssl.org> 2024-04-25 15:35:36 +0200
committer: Tomas Mraz <tomas@openssl.org> 2024-05-02 09:16:36 +0200
commit: 2d285fa873028f6cff9484a0cdf690fe05d7fb16 (patch)
tree: 2d8a55cbc66e655d3348c39a3c5ae87a1022920b /crypto/bn/bn_lib.c
parent: d7d1bdcb6aa3d5000bf7f5ebc5518be5c91fd5a5 (diff)
download: openssl-2d285fa873028f6cff9484a0cdf690fe05d7fb16.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 85698885ed..cab87d9959 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -859,6 +859,7 @@ int ossl_bn_mask_bits_fixed_top(BIGNUM *a, int n)
         a->top = w + 1;
         a->d[w] &= ~(BN_MASK2 << b);
     }
+    a->flags |= BN_FLG_FIXED_TOP;
     return 1;
 }
 
@@ -1046,6 +1047,22 @@ int BN_is_word(const BIGNUM *a, const BN_ULONG w)
     return BN_abs_is_word(a, w) && (!w || !a->neg);
 }
 
+int ossl_bn_is_word_fixed_top(const BIGNUM *a, const BN_ULONG w)
+{
+    int res, i;
+    const BN_ULONG *ap = a->d;
+
+    if (a->neg || a->top == 0)
+        return 0;
+
+    res = constant_time_select_int(constant_time_eq_bn(ap[0], w), 1, 0);
+
+    for (i = 1; i < a->top; i++)
+        res = constant_time_select_int(constant_time_is_zero_bn(ap[i]),
+                                       res, 0);
+    return res;
+}
+
 int BN_is_odd(const BIGNUM *a)
 {
     return (a->top > 0) && (a->d[0] & 1);
author	Tomas Mraz <tomas@openssl.org>	2024-04-25 15:35:36 +0200
committer	Tomas Mraz <tomas@openssl.org>	2024-05-02 09:16:36 +0200
commit	2d285fa873028f6cff9484a0cdf690fe05d7fb16 (patch)
tree	2d8a55cbc66e655d3348c39a3c5ae87a1022920b /crypto/bn/bn_lib.c
parent	d7d1bdcb6aa3d5000bf7f5ebc5518be5c91fd5a5 (diff)
download	openssl-2d285fa873028f6cff9484a0cdf690fe05d7fb16.tar.gz