My hobbyist coding updates and releases as the mysterious "Mr. Tines"

Wednesday 20 February 2002

CTClib 2.3 bug report

One sort-of bug report against CTClib 2.3; if you generate excessively short RSA keys, shorter than the size of the signature packet for self signature, the signature process fails. This is not checked, and so the attempt to verify the signature ends up chasing a nil pointer. As you should not use a keylength below 512 bits, and to be safer, no shorter than 1024 bits, this should not actually be provoked in reasonable use.

No comments: