boringssl/crypto/rsa
David Benjamin 61ae41f198 Use a minimal totient when generating RSA keys.
FIPS 186-4 wants d = e^-1 (mod lcm(p-1, q-1)), not (p-1)*(q-1).

Note this means the size of d might reveal information about p-1 and
q-1. However, we do operations with Chinese Remainder Theorem, so we
only use d (mod p-1) and d (mod q-1) as exponents. Using a minimal
totient does not affect those two values.

This removes RSA_recover_crt_params. Using a minimal d breaks (or rather
reveals an existing bug in) the function.

While I'm here, rename those ridiculous variable names.

Change-Id: Iaf623271d49cd664ba0eca24aa25a393f5666fac
Reviewed-on: https://boringssl-review.googlesource.com/15944
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-04 19:16:48 +00:00
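
The commit message's claim that a minimal totient leaves the CRT exponents unchanged can be checked numerically. This is an added example, not code from BoringSSL; the function names `private_exponents` and `crt_decrypt` are hypothetical, and the primes are constructed toy values, far too small for real keys.

```python
from math import gcd


def private_exponents(p, q, e):
    """Derive d from both totients and the CRT exponents each one yields."""
    phi = (p - 1) * (q - 1)            # Euler totient (p-1)*(q-1)
    lam = phi // gcd(p - 1, q - 1)     # lcm(p-1, q-1), the minimal totient
    d_phi = pow(e, -1, phi)            # d = e^-1 mod (p-1)*(q-1)
    d_lam = pow(e, -1, lam)            # d = e^-1 mod lcm(p-1, q-1)
    return {
        "lam": lam,
        "d_phi": d_phi,
        "d_lam": d_lam,
        # Only these reduced values are used as exponents in CRT operations.
        "crt_phi": (d_phi % (p - 1), d_phi % (q - 1)),
        "crt_lam": (d_lam % (p - 1), d_lam % (q - 1)),
    }


def crt_decrypt(c, p, q, d):
    """RSA private operation via the Chinese Remainder Theorem."""
    dp, dq = d % (p - 1), d % (q - 1)
    qinv = pow(q, -1, p)
    m1 = pow(c, dp, p)
    m2 = pow(c, dq, q)
    h = (qinv * (m1 - m2)) % p         # Garner recombination
    return m2 + h * q


if __name__ == "__main__":
    # Constructed inputs: a textbook-sized pair and two Mersenne primes.
    for p, q, e in [(61, 53, 17), (2**61 - 1, 2**89 - 1, 65537)]:
        r = private_exponents(p, q, e)
        c = pow(42, e, p * q)
        print("bits of d: totient=%d minimal=%d" %
              (r["d_phi"].bit_length(), r["d_lam"].bit_length()))
        print("CRT exponents equal:", r["crt_phi"] == r["crt_lam"])
        print("decrypts with minimal d:", crt_decrypt(c, p, q, r["d_lam"]) == 42)
```

The minimal d is never larger than the one derived from (p-1)*(q-1), which is the size difference the commit message notes, while the pair (d mod p-1, d mod q-1) is identical for both.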
..
blinding.c Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
CMakeLists.txt Convert rsa_test to GTest. 2017-02-16 22:23:16 +00:00
internal.h Detach encrypt and keygen hooks from RSA_METHOD. 2017-05-03 19:15:47 +00:00
padding.c Switch constant-time functions to using |crypto_word_t|. 2017-04-21 22:06:05 +00:00
rsa_asn1.c Remove remnants of multiprime RSA parsing. 2017-04-21 17:49:46 +00:00
rsa_impl.c Use a minimal totient when generating RSA keys. 2017-05-04 19:16:48 +00:00
rsa_test.cc Use a minimal totient when generating RSA keys. 2017-05-04 19:16:48 +00:00
rsa.c Use a minimal totient when generating RSA keys. 2017-05-04 19:16:48 +00:00