diff options
| author | schwarze <> | 2022-11-20 23:35:00 +0000 |
|---|---|---|
| committer | schwarze <> | 2022-11-20 23:35:00 +0000 |
| commit | 24b92fa9d36633c9630c63433973fe680957c836 (patch) | |
| tree | 77658a9ec93316a585244f95b6ac2df89c015491 /src/lib/libcrypto/man/BN_new.3 | |
| parent | 3585c6fd96623cbda97253ab2fb8f0742ceaef83 (diff) | |
| download | openbsd-24b92fa9d36633c9630c63433973fe680957c836.tar.gz openbsd-24b92fa9d36633c9630c63433973fe680957c836.tar.bz2 openbsd-24b92fa9d36633c9630c63433973fe680957c836.zip | |
Fix a surprising quirk in BN_GF2m_mod(3).
All other wrappers in the same file that use a temporary array of
degrees size that array dynamically, such that they are able to
handle reducing polynomials of arbitrary lengths. BN_GF2m_mod(3)
was the only one that used a static array of size 6 instead, limiting
it to trinomials and pentanomials and causing it to fail for longer
reducing polynomials.
Make this more uniform and less surprising by using exactly the
same code as in all the other wrappers, such that BN_GF2m_mod(3)
works with reducing polynomials of arbitrary length, too, just like
the others.
Again, tb@ points out this quirk is very unlikely to cause
vulnerabilities in practice because cryptographic applications do
not use longer reducing polynomials.
This patch is not expected to significantly impact performance
because the relevant caller, BN_GF2m_mod_div(3), already uses dynamic
allocation via BN_GF2m_mod_mul(3).
OK tb@
Diffstat (limited to 'src/lib/libcrypto/man/BN_new.3')
0 files changed, 0 insertions, 0 deletions