From 5d2ca20e6d065cc456b38bdf8bb128adb999d67b Mon Sep 17 00:00:00 2001
From: Pascal Cuoq <cuoq@trust-in-soft.com>
Date: Wed, 6 May 2015 11:31:27 +0200
Subject: Set flags to 0 before calling BN_with_flags()

BN_with_flags() will read the dest->flags to keep the BN_FLG_MALLOCED but
overwrites everything else.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231

(cherry picked from commit f92768e6f5259069bd21dbed2b98b3423c1dfca4)
---
 crypto/bn/bn_gcd.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index 97c55ab..ce59fe7 100644
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -583,6 +583,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
          * BN_div_no_branch will be called eventually.
          */
         pB = &local_B;
+        local_B.flags = 0;
         BN_with_flags(pB, B, BN_FLG_CONSTTIME);
         if (!BN_nnmod(B, pB, A, ctx))
             goto err;
@@ -610,6 +611,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
          * BN_div_no_branch will be called eventually.
          */
         pA = &local_A;
+        local_A.flags = 0;
         BN_with_flags(pA, A, BN_FLG_CONSTTIME);
 
         /* (D, M) := (A/B, A%B) ... */
-- 
1.7.12.1