CVSROOT:        /cvs
Module name:    src
Changes by:     schwa...@cvs.openbsd.org 2018/04/29 09:58:21

Modified files:
        lib/libcrypto/man: BN_add.3 BN_mod_inverse.3 BN_new.3 BN_set_flags.3

Log message:
In view of the recent BN_FLG_CONSTTIME vulnerabilities in OpenSSL, carefully document constant time vs. non-constant time operation of BN_div(3), BN_mod_exp(3), and BN_mod_inverse(3).

Until the work that is required on the ill-designed BN_exp(3) and BN_gcd(3) interfaces can be undertaken, also document the imperfections in their behaviour, for now.

Finally, mention BN_mod_exp(3) behaviour for even moduli.

Delete the vague statement about some functions automatically setting BN_FLG_CONSTTIME. It created a false sense of security. Do not rely on it: not all relevant functions do that.

Topic brought up by beck@, significant feedback and OK jsing@.