> 1. Please > see > https://boringssl.googlesource.com/boringssl/+/75b833cc819a9d189adb0fdd56327bee600ff9e9. > > I think it would be good for OpenSSL to work with Google to integrate > this patch.
Will be looked into... > 2. Is the `__chkstk` code that was added [1] to `bn_mul_mont` really > necessary? The SEGV that is mentioned in the commit message and commentary was actually observed and reported. Well, it's not called SEGV on Windows, but equivalent has same devastating effect, i.e. application crash. It takes super-long RSA key, longer than you'd normally use, so it's not something that a lot of users risk suffering from. But the problem is real nevertheless. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
