3 Aug
2016
3 Aug
'16
4:53 a.m.
Nikos Mavrogiannopoulos n.mavrogiannopoulos@gmail.com writes:
That can certainly be done on future versions; however it also means that if nettle is updated without an update on gnutls, the fix for cache silence may bring more issues than it solves.
I guess one can add some workaround for applications, in particuar gnutls, which don't use _prepare. But please fix that before you make the next release.
Do you think it is sufficient for gnutls to add an extra check that p and q are odd in nettle's rsa_compute_root? (Used also by rsa_compute_root_tr).
Regards, /Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.