CVSROOT:        /cvs
Module name:    src
Changes by:     schwa...@cvs.openbsd.org        2018/04/29 09:58:21

Modified files:
        lib/libcrypto/man: BN_add.3 BN_mod_inverse.3 BN_new.3 
                           BN_set_flags.3 

Log message:
In view of the recent BN_FLG_CONSTTIME vulnerabilities in OpenSSL,
carefully document constant time vs. non-constant time operation
of BN_div(3), BN_mod_exp(3), and BN_mod_inverse(3).

Until the work that is required on the ill-designed BN_exp(3) and
BN_gcd(3) interfaces can be undertaken, also document the imperfections
in their behaviour, for now.  Finally, mention BN_mod_exp(3) behaviour
for even moduli.

Delete the vague statement about some functions automatically
setting BN_FLG_CONSTTIME.  It created a false sense of security.
Do not rely on it: not all relevant functions do that.

Topic brought up by beck@, significant feedback and OK jsing@.
