Jim was having trouble getting this to the list, so I'm forwarding on his behalf.
---------- Forwarded Message ----------
Subject: Re: a bug in RSA_public_encrypt with RSA_NO_PADDING
Date: March 25, 2004 12:07 pm
From: Jim Schneider <[EMAIL PROTECTED]>
To: Geoff Thorpe <[EMAIL PROTECTED]>

I'd tried to respond to this thread earlier, but the listserv bounced the message with a confusing response - I suspect it was a DNS failure, but I'm not sure. Could you perhaps forward this to the list for me? Thank you.

On Thursday 25 March 2004 11:09, Geoff Thorpe wrote:
> On March 25, 2004 10:44 am, Richard Levitte - VMS Whacker wrote:
> > I guess that allowing an input size that's smaller than the modulus
> > size could be doable, but isn't advisable for security reasons or
> > something like that...

Actually, there are only security implications if the input size is so small that M^e < kn (M is the message, e is the public exponent, n is the modulus, and k is a small factor - probably less than five). For implementations where e is 65537, n would have to be on the order of 64k bits before this is an issue, provided M is greater than or equal to 2. Want more security? Use an e of 131101 (if you want to make sure e is prime) or 131073 (if you can find its inverse modulo (p-1)(q-1)).

> Well it could all be handled relative to the padding parameters, the
> issue again is that the API isn't exposed in this form and changing it
> involves ... well, you know very well what that involves. <shudder>

Why not steal a page from Microsoft's playbook, and have a parallel API? Call the function RSA_public_encrypt_ext, and have it take an explicit input AND output buffer length. This function would be pretty much the same as the existing RSA_public_encrypt function, and the original function could eventually be implemented in terms of the new one, so the support burden wouldn't be that big.

> I think this is just one of those things that doesn't warrant us
> messing with it right now - if someone cares enough, they could clarify
> the relevant docs.
>
> Cheers,
> Geoff

-------------------------------------------------------
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
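
The M^e < kn condition from the forwarded message can be checked before a short input is handed to RSA_NO_PADDING. This is an added example, not part of the thread and not OpenSSL code; the function names and SAMPLE_N are constructed for illustration.

```python
# Added illustration; function names and the sample modulus are constructed.

def raw_rsa_input_is_weak(m: int, e: int, n: int, k: int = 1) -> bool:
    """True when m**e < k*n, the condition discussed in the message above.

    With k=1 the modular reduction never happens, so the unpadded RSA
    output is just the integer m**e.
    """
    if not (0 <= m < n) or e < 1 or k < 1:
        raise ValueError("need 0 <= m < n, e >= 1, k >= 1")
    if m < 2:
        return True  # 0**e == 0 and 1**e == 1 for every e
    bound = k * n
    bits = m.bit_length()            # 2**(bits-1) <= m < 2**bits
    if (bits - 1) * e >= bound.bit_length():
        return False                 # m**e >= 2**((bits-1)*e) > bound
    if bits * e < bound.bit_length():
        return True                  # m**e < 2**(bits*e) <= bound
    return pow(m, e) < bound         # borderline: compare exactly


def min_wrapping_bits(e: int, modulus_bits: int) -> int:
    """Smallest bit length b such that every b-bit m has m**e larger
    than any modulus of modulus_bits bits."""
    return -(-modulus_bits // e) + 1  # ceil(modulus_bits / e) + 1


# Constructed stand-in for a 2048-bit modulus (not a real RSA key).
SAMPLE_N = (1 << 2047) | 1

if __name__ == "__main__":
    for e in (3, 65537):
        print("e =", e,
              "| shortest always-wrapping input (bits):",
              min_wrapping_bits(e, 2048),
              "| M=2 weak:", raw_rsa_input_is_weak(2, e, SAMPLE_N))
```

The bit-length shortcuts keep the check cheap for full-size inputs; the exact power is only computed when m**e lands within e bits of k*n.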