bn/bn_lib.c: make BN_bn2binpad computationally constant-time.
author Andy Polyakov <appro@openssl.org>
Sun, 4 Feb 2018 14:20:29 +0000 (15:20 +0100)
committer Andy Polyakov <appro@openssl.org>
Sat, 14 Jul 2018 11:36:35 +0000 (13:36 +0200)
commit 89d8aade5f4011ddeea7827f08ec544c914f275a
tree b63cbf85eb6b25d85a9bae2120bba51725cd2285
parent 1e839545803107b230a8177875de5994f85984de
bn/bn_lib.c: make BN_bn2binpad computationally constant-time.

"Computationally constant-time" means that it might still leak
information about input's length, but only in cases when input
is missing complete BN_ULONG limbs. But even then leak is possible
only if attacker can observe memory access pattern with limb
granularity.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5254)
crypto/bn/bn_lib.c
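
The property described in the commit message, as an added illustration in C (not the code from this commit): a fixed-length big-endian serializer whose loop count depends only on the public output length and whose only length-dependent behaviour is which limb gets read. `limb_t`, `ct_lt_mask` and `limbs_to_padded_be` are hypothetical names; `limb_t` stands in for `BN_ULONG` and is assumed to be 64 bits wide.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef uint64_t limb_t;              /* hypothetical stand-in for BN_ULONG */
#define LIMB_BYTES sizeof(limb_t)
#define TOP_BIT    (8 * sizeof(size_t) - 1)

/* All-ones if a < b, else zero; valid while both are below 2^TOP_BIT. */
static size_t ct_lt_mask(size_t a, size_t b)
{
    return (size_t)0 - ((a - b) >> TOP_BIT);
}

/*
 * Write the number stored in d[0..top-1] (least significant limb first) as
 * exactly tolen big-endian bytes, zero-padded on the left. The caller must
 * ensure the value fits in tolen bytes; tolen itself is public.
 */
size_t limbs_to_padded_be(const limb_t *d, size_t top,
                          unsigned char *to, size_t tolen)
{
    size_t i = 0, j, atop = top * LIMB_BYTES, lasti;

    if (atop == 0) {                  /* zero value: nothing to read */
        memset(to, 0, tolen);
        return tolen;
    }
    lasti = atop - 1;
    to += tolen;
    for (j = 0; j < tolen; j++) {     /* trip count depends on tolen only */
        limb_t l = d[i / LIMB_BYTES];
        size_t mask = ct_lt_mask(j, atop);   /* zero once past the limbs */
        *--to = (unsigned char)((l >> (8 * (i % LIMB_BYTES))) & mask);
        /* Advance the source byte index, but park it on the last byte of
         * the top limb instead of branching: this clamped index is the
         * only place where the limb count shows in the access pattern. */
        i += ct_lt_mask(i, lasti) & 1;
    }
    return tolen;
}
```

Leading zero bytes inside the top limb are handled exactly like any other byte, so the byte-precise length does not affect control flow or addresses; only a value that is short by whole limbs changes which limb is touched.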