kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
c1c6eeb5e2
boringssl/crypto/fipsmodule/rsa
History
David Benjamin c1c6eeb5e2 Check d is mostly-reduced in RSA_check_key. 
We don't check it is fully reduced because different implementations use
Carmichael vs Euler totients, but if d exceeds n, something is wrong.
Note the fixed-width BIGNUM changes already fail operations with
oversized d.

Update-Note: Some blatantly invalid RSA private keys will be rejected at
    RSA_check_key time. Note that most of those keys already are not
    usable with BoringSSL anyway. This CL moves the failure from
    sign/decrypt to RSA_check_key.

Change-Id: I468dbba74a148aa58c5994cc27f549e7ae1486a2
Reviewed-on: https://boringssl-review.googlesource.com/26374
Reviewed-by: Adam Langley <alangley@gmail.com>
2018-03-30 19:54:10 +00:00
..
blinding.c Don't bother retrying in bn_blinding_create_param. 2018-03-05 20:48:41 +00:00
internal.h Replace rsa_greater_than_pow2 with BN_cmp. 2018-03-30 19:53:18 +00:00
padding.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
rsa_impl.c Make RSA key generation constant-time. 2018-03-30 19:53:52 +00:00
rsa.c Check d is mostly-reduced in RSA_check_key. 2018-03-30 19:54:10 +00:00