Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 06 Jan 2019 11:31:27 +0100
From: nisse@...ator.liu.se (Niels Möller)
To: tg@...lib.org (Torbjörn Granlund)
Cc: Jeffrey Walton <noloader@...il.com>,  oss-security@...ts.openwall.com,  gmp-bugs@...lib.org
Subject: Re: Asserts considered harmful (or GMP spills its sensitive information)

tg@...lib.org (Torbjörn Granlund) writes:

> Let's move on.  No bug to be found here.

Just FYI: There was a bug in Nettle's test code, a line

  assert (mpz_invert(key->d, pub->e, phi));

Obviously not working with -DNDEBUG. Fix in commit
https://git.lysator.liu.se/nettle/nettle/commit/73d3c6d5586cc0fd81eab081078144d621de07b4

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.