Re: matrixssl
Guido Günther <agx@sigxcpu.org> writes:
> As I wrote in dla-needed.txt the bignum handling is in
> crypto/peersec/mpi.c and it seems to use the same algorithms (and lacks
> the same checks in e.g. mp_exptmod) so I marked it as
> vulnerable. Porting back the fixes from the current version will be
> difficult though, since the code has changed a lot.
How can you tell the algorithms are the same?
The implementation of mp_exptmod looks very different to pstm_exptmod; I
can't see any similarities in the algorithm.
--
Brian May <bam@debian.org>
Reply to: