Snapshot 1.0.4f & Klima/Rosa tests
Florian Weimer
fw@deneb.enyo.de
Wed Mar 28 11:22:04 2001
Steve Beach <asb4@psu.edu> writes:
> I'm a little bit paranoid about the Klima/Rosa attack. Examining the
> source code, it doesn't appear that there has been any change in the
> verification of the secret keys in cipher/dsa.c or cipher/rsa.c.

The computed signatures are verified using the public key. This is
pretty much equivalent to the proposed checks on the key material, but
it detects computation errors as well.

Werner planned to add better secret key protection. However, I don't
think it's included in 1.0.4f (?).
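
The sign-then-verify check described in the message above, as an added example that is not part of the original post and is not GnuPG's code: a toy RSA-CRT signer that releases a signature only if it verifies under the public key. The key parameters, the altered `dp` value and all function names are constructed for illustration.

```python
# Constructed toy RSA key built from two Mersenne primes; not a real key size.
P, Q, E = 2**61 - 1, 2**31 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


class SignatureCheckFailed(Exception):
    """A freshly computed signature did not verify under the public key."""


def make_secret_key(dp_offset=0):
    # CRT components as a secret key file would store them. dp_offset != 0
    # models a stored value that was altered or corrupted (constructed case).
    return {"p": P, "q": Q, "dp": D % (P - 1) + dp_offset,
            "dq": D % (Q - 1), "u": pow(Q, -1, P)}


def raw_sign(m, sk):
    # RSA-CRT private-key operation with no self-check.
    sp = pow(m, sk["dp"], sk["p"])
    sq = pow(m, sk["dq"], sk["q"])
    h = (sk["u"] * (sp - sq)) % sk["p"]
    return sq + sk["q"] * h


def verify(m, s, n=N, e=E):
    # Public-key operation: needs no secret material.
    return pow(s, e, n) == m % n


def guarded_sign(m, sk):
    # Verify before release: a signature that fails is never returned,
    # whether the cause is bad key material or a computation error.
    s = raw_sign(m, sk)
    if not verify(m, s):
        raise SignatureCheckFailed("signature withheld")
    return s


if __name__ == "__main__":
    m = 0x1234567890ABCDEF  # constructed message representative, m < N
    print("intact key:", verify(m, guarded_sign(m, make_secret_key())))
    try:
        guarded_sign(m, make_secret_key(dp_offset=1))
    except SignatureCheckFailed as exc:
        print("altered key:", exc)
```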