c1c6eeb5e2
We don't check it is fully reduced because different implementations use
Carmichael vs Euler totients, but if d exceeds n, something is wrong.
Note the fixed-width BIGNUM changes already fail operations with
oversized d.
Update-Note: Some blatantly invalid RSA private keys will be rejected at
RSA_check_key time. Note that most of those keys already are not
usable with BoringSSL anyway. This CL moves the failure from
sign/decrypt to RSA_check_key.
Change-Id: I468dbba74a148aa58c5994cc27f549e7ae1486a2
Reviewed-on: https://boringssl-review.googlesource.com/26374
Reviewed-by: Adam Langley <alangley@gmail.com>
|
||
|---|---|---|
| .. | ||
| asn1.errordata | ||
| bio.errordata | ||
| bn.errordata | ||
| cipher.errordata | ||
| CMakeLists.txt | ||
| conf.errordata | ||
| dh.errordata | ||
| digest.errordata | ||
| dsa.errordata | ||
| ec.errordata | ||
| ecdh.errordata | ||
| ecdsa.errordata | ||
| engine.errordata | ||
| err_data_generate.go | ||
| err_test.cc | ||
| err.c | ||
| evp.errordata | ||
| hkdf.errordata | ||
| internal.h | ||
| obj.errordata | ||
| pem.errordata | ||
| pkcs7.errordata | ||
| pkcs8.errordata | ||
| rsa.errordata | ||
| ssl.errordata | ||
| x509.errordata | ||
| x509v3.errordata | ||