nisse@lysator.liu.se (Niels Möller) writes:
On second look, it can't be rsa_compute_root, since that function has no return value. Is it sufficient for gnutls to do this check in rsa_compute_root_tr instead?
I also note that a check is needed in dsa_sign, which otherwise would crash if the group is invalid, with an even p.
I've committed additional checks to dsa_sign and rsa_compute_root_tr.
I have one remaining question: Should there be additional sanity checks in the rsa_*_prepare functions, to reject keys with negative or out-of-range parameters? Out-of-range parameters will not, as far as I am aware, result in any crashes, only in bogus outputs.
Regards, /Niels