Not all operand cases supported for BN_mod_exp #5082

Closed
rbost opened this issue Jan 15, 2018 · 2 comments

rbost commented Jan 15, 2018

Not all cases for the BN_mod_exp operands are supported. Namely, for now, it only works when all the operands have the BN_FLG_CONSTTIME flag unset (call to BN_mod_exp_recp), or when all the operands have BN_FLG_CONSTTIME set and the modulus is odd (call to BN_mod_exp_mont_word). All the other cases fail (in particular when the BN_FLG_CONSTTIME flags are mixed).

Although this is not a problem when the function is used inside OpenSSL, it might be for third-party devs who rely on the OpenSSL BN library.

For an odd modulus, this seems easy to fix as one could fall back to the Montgomery constant-time implementation. For an even modulus, it seems a bit more tricky. Note that calling BN_mod_exp with an even modulus and a BN_FLG_CONSTTIME flag operand could be explicitly forbidden in the documentation.

@bernd-edlinger
Member

@mattcaswell fixed by #5080 ?

@mattcaswell
Member

Not entirely, no - that just fixed the most immediate and pressing problem. It might be as simple as a documentation fix - but it requires more thought.

@mattcaswell mattcaswell added this to the 1.1.1 milestone Jan 23, 2018
mattcaswell added a commit to mattcaswell/openssl that referenced this issue Apr 30, 2018
Specifically this is not supported with an even modulus and
BN_FLG_CONSTTIME.

Fixes openssl#5082
@levitte levitte closed this as completed in 3a070e2 May 1, 2018
levitte pushed a commit that referenced this issue May 1, 2018
Specifically this is not supported with an even modulus and
BN_FLG_CONSTTIME.

Fixes #5082

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from #6138)
levitte pushed a commit that referenced this issue May 1, 2018
Specifically this is not supported with an even modulus and
BN_FLG_CONSTTIME.

Fixes #5082

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from #6138)

(cherry picked from commit 966b3df)