CVSROOT:        /cvs
Module name:    src
Changes by:     t...@cvs.openbsd.org    2019/06/17 11:11:48

Modified files:
        lib/libcrypto/bn: bn_lib.c 

Log message:
Make BN_num_bits_word() constant time.

Previously, this function would leak the most significant word of its
argument due to branching and memory access pattern.  This patch is
enough to fix the use of BN_num_bits() on RSA prime factors in the
library.

The diff is a simplified and more readable (but perhaps less efficient)
version of https://github.com/openssl/openssl/commit/972c87df
by Andy Polyakov and David Benjamin (pre license change). Consult that
commit message for details. Subsequent fixes to follow in the near future.

Issue pointed out by David Schrammel and Samuel Weiser as part of
a larger report.

tests & ok inoguchi, ok jsing
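
Added illustration, not the OpenBSD patch or the OpenSSL commit it references: one way to compute the bit length of a word with no branch or table index that depends on the value, next to a variable-time loop for comparison. The function names and the 64-bit word size are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Variable-time reference: the loop runs once per significant bit, so
 * execution time depends on the (possibly secret) value of w. */
static int num_bits_leaky(uint64_t w)
{
    int bits = 0;
    while (w != 0) {
        bits++;
        w >>= 1;
    }
    return bits;
}

/* All-ones if x != 0, zero otherwise, computed without a branch. */
static uint64_t nonzero_mask(uint64_t x)
{
    return (uint64_t)0 - ((x | ((uint64_t)0 - x)) >> 63);
}

/* Bit length via a fixed sequence of shifts and masks: no branch and no
 * table index depends on w. The loop bounds are public constants. */
static int num_bits_ct(uint64_t w)
{
    int bits = (int)(nonzero_mask(w) & 1);      /* 1 if w != 0 */
    for (unsigned shift = 32; shift >= 1; shift >>= 1) {
        uint64_t x = w >> shift;
        uint64_t mask = nonzero_mask(x);        /* upper part non-empty? */
        bits += (int)(shift & mask);
        w ^= (x ^ w) & mask;                    /* w = mask ? x : w */
    }
    return bits;
}

/* Compare both versions on constructed inputs; returns mismatch count. */
static int count_mismatches(void)
{
    int bad = (num_bits_ct(0) != num_bits_leaky(0));
    for (int i = 0; i < 64; i++) {
        uint64_t top = (uint64_t)1 << i;
        bad += num_bits_ct(top) != num_bits_leaky(top);
        bad += num_bits_ct(top | (top - 1)) != num_bits_leaky(top | (top - 1));
        bad += num_bits_ct(top | (top >> 1) | 1) != num_bits_leaky(top | (top >> 1) | 1);
    }
    return bad;
}

int main(void)
{
    printf("mismatches: %d\n", count_mismatches());
    return 0;
}
```

The source is branch-free, but a compiler can still emit data-dependent code, so the generated assembly is what has to be checked on each target.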
