Nikos Mavrogiannopoulos <nmav@redhat.com> writes:

> Yes. Although if this is only for the versions prior to using the prepare function, this is not a significant threat (the private key computations are typically done on trusted values by the server).
One scenario is a web hosting provider that handles private server keys provided by untrusted customers. No idea how common that is, but one wouldn't want one customer to crash the webserver also used by others.
> What is more important for older versions of gnutls are the public key operations such as ecdsa_verify(), dsa_verify() and rsa_encrypt().
Now I'm confused, I hope I didn't introduce any mpz_powm_sec calls on the code paths operating on public keys only? I don't think we have to care too much about obscure use cases where the supposedly public exponent actually needs to be well protected.
Regards, /Niels