On Tue, Dec 17, 2013 at 8:57 AM, Niels Möller nisse@lysator.liu.se wrote:
I don't currently plan any 2.7.2 bugfix release. I'm thinking that this problem is not serious enough to motivate a new release. If some more urgent reason to make a release comes up, we can consider backporting this change. Or have you seen any real problems caused by this? That would be an application accepting an arbitrarily large RSA keys from an untrusted source, and passing it on to nettle without any limit to prevent DoS. In that scenario, it could be a real problem.
The limit in gnutls for public keys was 16k. The undocumented abort() limit in these functions is 10k. Thus even if an application doesn't allow arbitrary limits it risks a crash. Even worse this crash can be simply from data coming from the network. So I find that a pretty serious issue (although, I think that issue is mitigated on systems that alloca() is available).
A release on the 2.7 could also include to lift the q_bit limits in generating a dsa key (so that nettle could be used for generating DH keys as well).
regards, Nikos