On Sun, Jul 31, 2016 at 10:44 AM, Niels Möller nisse@lysator.liu.se wrote:
Attached is a certificate + key where I manually changed the modulus to be even (P.S.: This tool [2] fis very useful for such cases). The certificate is therefore obviously bogus, but that doesn't matter in our case.
Any other easy checks for bogus keys that should be added? I would expect that code parsing key formats, e.g., asn.1, would check sign and range of parameters and catch bogus values early (e.g., the code in nettle's der2rsa.c does that). It's possible to add additional sanity checks to the _key_prepare functions, if desired. It's not entirely obvious where that responsibility should be placed.
It depends what that means. Would these values cause a crash or a function to return an error? Also unless they are well documented in the nettle API documentation, I wouldn't expect the caller to know the constraints of the underlying gmp API.
regards, Nikos