)]}' { "commit": "0a211dfe91588d2986a8735e1969dd9202a8b025", "tree": "0fa493fc4d4ad191056b2f4be35297317e019667", "parents": [ "d261004048e25f2ad81fede16cca6736e8697713" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Sat Dec 17 15:25:55 2016 -0500" }, "committer": { "name": "Adam Langley", "email": "alangley@gmail.com", "time": "Thu Jan 12 02:00:44 2017 +0000" }, "message": "Remove BN_FLG_CONSTTIME.\n\nBN_FLG_CONSTTIME is a ridiculous API and easy to mess up\n(CVE-2016-2178). Instead, code that needs a particular algorithm which\npreserves secrecy of some arguemnt should call into that algorithm\ndirectly.\n\nThis is never set outside the library and is finally unused within the\nlibrary! Credit for all this goes almost entirely to Brian Smith. I just\ntook care of the last bits.\n\nNote there was one BN_FLG_CONSTTIME check that was still reachable, the\nBN_mod_inverse in RSA key generation. However, it used the same code in\nboth cases for even moduli and φ(n) is even if n is not a power of two.\nTraditionally, RSA keys are not powers of two, even though it would make\nthe modular reductions a lot easier.\n\nWhen reviewing, check that I didn\u0027t remove a BN_FLG_CONSTTIME that led\nto a BN_mod_exp(_mont) or BN_mod_inverse call (with the exception of the\nRSA one mentioned above). They should all go to functions for the\nalgorithms themselves like BN_mod_exp_mont_consttime.\n\nThis CL shows the checks are a no-op for all our tests:\nhttps://boringssl-review.googlesource.com/c/12927/\n\nBUG\u003d125\n\nChange-Id: I19cbb375cc75aac202bd76b51ca098841d84f337\nReviewed-on: https://boringssl-review.googlesource.com/12926\nReviewed-by: Adam Langley \u003calangley@gmail.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "31bb937f39fdfe12c99810086921bc4f449728cb", "old_mode": 33188, "old_path": "crypto/bn/bn.c", "new_id": "e3c55f281ae1e11a9b69473896566b4563223ded", "new_mode": 33188, "new_path": "crypto/bn/bn.c" }, { "type": "modify", "old_id": "4f544a7f1221e07d18ea70c8b838098745cd6de3", "old_mode": 33188, "old_path": "crypto/bn/bn_test.cc", "new_id": "8f93ad0dcc78253a5592570692021d17592dcc94", "new_mode": 33188, "new_path": "crypto/bn/bn_test.cc" }, { "type": "modify", "old_id": "3161a2a8efe43c57f4c5f20cd72041933b3e00c1", "old_mode": 33188, "old_path": "crypto/bn/exponentiation.c", "new_id": "933a731c0868fbba8f23d886be97627437f9c452", "new_mode": 33188, "new_path": "crypto/bn/exponentiation.c" }, { "type": "modify", "old_id": "9e62da00dc9a7ba3b60cba1ba0c218b44ee6b94d", "old_mode": 33188, "old_path": "crypto/bn/gcd.c", "new_id": "7c20b8e2b6b04f98dc3eaa8eab7d675aed9174aa", "new_mode": 33188, "new_path": "crypto/bn/gcd.c" }, { "type": "modify", "old_id": "70f0585c2e7d95941ac24ae8fc9d5157adf06d4f", "old_mode": 33188, "old_path": "crypto/bn/montgomery.c", "new_id": "aa5bc4246413e4d08c9d14669bf5d527219f7c1b", "new_mode": 33188, "new_path": "crypto/bn/montgomery.c" }, { "type": "modify", "old_id": "69a7ec81e05b8fc8332847829f3d637ef486371a", "old_mode": 33188, "old_path": "crypto/dh/dh.c", "new_id": "33c36f31fa557df3e0f39b3e6b8cef86a14b4e82", "new_mode": 33188, "new_path": "crypto/dh/dh.c" }, { "type": "modify", "old_id": "15583be056b1c804e14a88c46dc09887a0a0c3d5", "old_mode": 33188, "old_path": "crypto/dsa/dsa.c", "new_id": "e2b6695e81cb984d0a8fdadc3d315150050b86d4", "new_mode": 33188, "new_path": "crypto/dsa/dsa.c" }, { "type": "modify", "old_id": "3834be5af51f846a8881154ba3325a31b0e2fc0b", "old_mode": 33188, "old_path": "crypto/rsa/rsa_impl.c", "new_id": "8e0aa9c62b327ddd5c27af9d18c33b3ec900cf75", "new_mode": 33188, "new_path": "crypto/rsa/rsa_impl.c" }, { "type": "modify", "old_id": "18beba4e38697926320c5a3b59064a1e52a4269f", "old_mode": 33188, "old_path": "include/openssl/bn.h", "new_id": "b34ebe365d01ec64bbd76f69e6536f7e270831bd", "new_mode": 33188, "new_path": "include/openssl/bn.h" }, { "type": "modify", "old_id": "681b8349e39bd02a29751cac672a259abccc5ff3", "old_mode": 33188, "old_path": "util/doc.go", "new_id": "987794c92c06baef2638a2cad3a821022e11baa5", "new_mode": 33188, "new_path": "util/doc.go" } ] }