[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: matrixssl

Guido Günther <agx@sigxcpu.org> writes:

> As I wrote in dla-needed.txt the bignum handling is in
> crypto/peersec/mpi.c and it seems to use the same algorithms (and lacks
> the same checks in e.g. mp_exptmod) so I marked it as
> vulnerable. Porting back the fixes from the current version will be
> difficult though, since the code has changed a lot.

How can you tell the algorithms are the same?

The implementation of mp_exptmod looks very different to pstm_exptmod; I
can't see any similarities in the algorithm.
Brian May <bam@debian.org>

Reply to: