diff options
author | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2018-04-29 15:58:22 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2018-04-29 15:58:22 +0000 |
commit | 6e8b4c725a0dfa64bf09a5a64a9924697366be73 (patch) | |
tree | c3f45cdccea01dac456391a291abd1a0a50100da /share/tabset | |
parent | 661ca0805b927cdfa63400bac6b6ff45b86502e0 (diff) |
In view of the recent BN_FLG_CONSTTIME vulnerabilities in OpenSSL,
carefully document constant time vs. non-constant time operation
of BN_div(3), BN_mod_exp(3), and BN_mod_inverse(3).
Until the work that is required on the ill-designed BN_exp(3) and
BN_gcd(3) interfaces can be undertaken, also document the imperfections
in their behaviour, for now. Finally, mention BN_mod_exp(3) behaviour
for even moduli.
Delete the vague statement about some functions automatically
setting BN_FLG_CONSTTIME. It created a false sense of security.
Do not rely on it: not all relevant functions do that.
Topic brought up by beck@, significant feedback and OK jsing@.
Diffstat (limited to 'share/tabset')
0 files changed, 0 insertions, 0 deletions