1. 23 7月, 2001 3 次提交
  2. 21 7月, 2001 6 次提交
  3. 20 7月, 2001 1 次提交
    • G
      Currently, RSA code, when using no padding scheme, simply checks that input · 81d1998e
      Geoff Thorpe 提交于
      does not contain more bytes than the RSA modulus 'n' - it does not check
      that the input is strictly *less* than 'n'. Whether this should be the
      case or not is open to debate - however, due to security problems with
      returning miscalculated CRT results, the 'rsa_mod_exp' implementation in
      rsa_eay.c now performs a public-key exponentiation to verify the CRT result
      and in the event of an error will instead recalculate and return a non-CRT
      (more expensive) mod_exp calculation. As the mod_exp of 'I' is equivalent
      to the mod_exp of 'I mod n', and the verify result is automatically between
      0 and n-1 inclusive, the verify only matches the input if 'I' was less than
      'n', otherwise even a correct CRT calculation is only congruent to 'I' (ie.
      they differ by a multiple of 'n'). Rather than rejecting correct
      calculations and doing redundant and slower ones instead, this changes the
      equality check in the verification code to a congruence check.
      81d1998e
  4. 17 7月, 2001 1 次提交
  5. 16 7月, 2001 2 次提交
  6. 13 7月, 2001 3 次提交
  7. 12 7月, 2001 14 次提交
  8. 11 7月, 2001 10 次提交