| field | value | date |
|---|---|---|
| author | schwarze <> | 2018-04-29 15:58:21 +0000 |
| committer | schwarze <> | 2018-04-29 15:58:21 +0000 |
| commit | 0cafa356a8c4c7fcd0ceea551f687c5d7fbef24e | |
| tree | f067081374e9045588229a0f9af9373361fb2cbe /src/lib/libssl/ssl_both.c | |
| parent | 1c03f31f80d0bb4684aefa980cad2bd45fccb749 | |
In view of the recent BN_FLG_CONSTTIME vulnerabilities in OpenSSL,
carefully document constant time vs. non-constant time operation
of BN_div(3), BN_mod_exp(3), and BN_mod_inverse(3).
Until the work that is required on the ill-designed BN_exp(3) and
BN_gcd(3) interfaces can be undertaken, also document the imperfections
in their behaviour, for now.  Finally, mention BN_mod_exp(3) behaviour
for even moduli.
Delete the vague statement about some functions automatically
setting BN_FLG_CONSTTIME.  It created a false sense of security.
Do not rely on it: not all relevant functions do that.
Topic brought up by beck@, significant feedback and OK jsing@.
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions
