summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/man/DSA_dup_DH.3
diff options
context:
space:
mode:
authorschwarze <>2018-04-29 15:58:21 +0000
committerschwarze <>2018-04-29 15:58:21 +0000
commit0cafa356a8c4c7fcd0ceea551f687c5d7fbef24e (patch)
treef067081374e9045588229a0f9af9373361fb2cbe /src/lib/libcrypto/man/DSA_dup_DH.3
parent1c03f31f80d0bb4684aefa980cad2bd45fccb749 (diff)
downloadopenbsd-0cafa356a8c4c7fcd0ceea551f687c5d7fbef24e.tar.gz
openbsd-0cafa356a8c4c7fcd0ceea551f687c5d7fbef24e.tar.bz2
openbsd-0cafa356a8c4c7fcd0ceea551f687c5d7fbef24e.zip
In view of the recent BN_FLG_CONSTTIME vulnerabilities in OpenSSL,
carefully document constant time vs. non-constant time operation of BN_div(3), BN_mod_exp(3), and BN_mod_inverse(3). Until the work that is required on the ill-designed BN_exp(3) and BN_gcd(3) interfaces can be undertaken, also document the imperfections in their behaviour, for now. Finally, mention BN_mod_exp(3) behaviour for even moduli. Delete the vague statement about some functions automatically setting BN_FLG_CONSTTIME. It created a false sense of security. Do not rely on it: not all relevant functions do that. Topic brought up by beck@, significant feedback and OK jsing@.
Diffstat (limited to 'src/lib/libcrypto/man/DSA_dup_DH.3')
0 files changed, 0 insertions, 0 deletions