Guido Günther <email@example.com> writes:
> As I wrote in dla-needed.txt the bignum handling is in
> crypto/peersec/mpi.c and it seems to use the same algorithms (and lacks
> the same checks in e.g. mp_exptmod) so I marked it as
> vulnerable. Porting back the fixes from the current version will be
> difficult though, since the code has changed a lot.
How can you tell the algorithms are the same?
The implementation of mp_exptmod looks very different to pstm_exptmod; I
can't see any similarities in the algorithm.
Brian May <firstname.lastname@example.org>