Add OpenSSL::BN#set_flags and #get_flags #417

mame · 2021-02-16T09:36:23Z

Also, OpenSSL::BN::CONSTTIME is added.

OpenSSL itself had a feature that was vulnerable against a side-channel
attack. The OpenSSL authors determined that it was not a security issue,
and they have already fixed the issue by using BN_set_flags.

openssl/openssl#13888

If a Ruby OpenSSL user was faced with a similar issue, they couldn't
prevent the issue because Ruby OpenSSL lacks a wrapper to BN_set_flags.
For the case, this change introduces the wrapper.

test/openssl/test_bn.rb

rhenium · 2021-02-17T11:20:04Z

This is a nice addition. Thanks!

Also, OpenSSL::BN::CONSTTIME is added. OpenSSL itself had a feature that was vulnerable against a side-channel attack. The OpenSSL authors determined that it was not a security issue, and they have already fixed the issue by using BN_set_flags. openssl/openssl#13888 If a Ruby OpenSSL user was faced with a similar issue, they couldn't prevent the issue because Ruby OpenSSL lacks a wrapper to BN_set_flags. For the case, this change introduces the wrapper.

mame force-pushed the add-BN_set_flags branch from da5de64 to 15aa6b3 Compare February 17, 2021 02:05

rhenium reviewed Feb 17, 2021

View reviewed changes

test/openssl/test_bn.rb Outdated Show resolved Hide resolved

rhenium mentioned this pull request Feb 18, 2021

bn: check -1 return from BIGNUM functions #418

Merged

rhenium force-pushed the add-BN_set_flags branch from 15aa6b3 to 1e565eb Compare May 25, 2021 10:11

rhenium merged commit 0ac1a4e into ruby:master May 25, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add OpenSSL::BN#set_flags and #get_flags #417

Add OpenSSL::BN#set_flags and #get_flags #417

mame commented Feb 16, 2021

rhenium commented Feb 17, 2021

Add OpenSSL::BN#set_flags and #get_flags #417

Add OpenSSL::BN#set_flags and #get_flags #417

Conversation

mame commented Feb 16, 2021

rhenium commented Feb 17, 2021