Bug in internal function is_prime() from cipher/primegen.c
HeikoStamer at gmx.net
Sun Apr 29 09:50:11 CEST 2018
first, thank you for the quick response.
Am 28.04.2018 um 18:37 schrieb Werner Koch:
>> If the checked mpi is a small number (say 65537), then it is more likely
>> that this happens. I am not sure whether this bug has any serious
>> security implications (e.g. DoS attacks), however, it should be fixed
> I don't think that this is a security problem. In fact an assert is
> there to prevent this ;-).
When I was writing this I thought of a client-server protocol, where the
server checks the input of the client using gcry_prime_check(). Then a
malicious client could force the server to abort irregularly.
> What do you think of the attached fix?
I think it should work. However, I was not able to test this yet.
More information about the Gcrypt-devel