Geoff Thorpe 81d1998e09 Currently, RSA code, when using no padding scheme, simply checks that input
does not contain more bytes than the RSA modulus 'n' - it does not check
that the input is strictly *less* than 'n'. Whether this should be the
case or not is open to debate - however, due to security problems with
returning miscalculated CRT results, the 'rsa_mod_exp' implementation in
rsa_eay.c now performs a public-key exponentiation to verify the CRT result
and in the event of an error will instead recalculate and return a non-CRT
(more expensive) mod_exp calculation. As the mod_exp of 'I' is equivalent
to the mod_exp of 'I mod n', and the verify result is automatically between
0 and n-1 inclusive, the verify only matches the input if 'I' was less than
'n', otherwise even a correct CRT calculation is only congruent to 'I' (ie.
they differ by a multiple of 'n'). Rather than rejecting correct
calculations and doing redundant and slower ones instead, this changes the
equality check in the verification code to a congruence check.
2001-07-20 15:16:10 +00:00
..
2001-07-06 22:06:08 +00:00
2001-07-05 10:20:07 +00:00
2001-07-11 22:54:24 +00:00
2001-07-08 11:42:38 +00:00
2001-07-10 21:00:37 +00:00
2001-07-06 21:35:00 +00:00
2001-07-10 21:00:37 +00:00
2001-07-11 07:10:43 +00:00
2000-02-01 02:21:16 +00:00
2000-12-18 09:18:22 +00:00
2001-06-05 20:32:36 +00:00
2001-07-08 11:42:38 +00:00
2001-07-05 10:20:07 +00:00
2001-07-05 10:20:07 +00:00
2001-03-02 10:57:54 +00:00