during the preparation of the self-test patch for pkcs1pad, I noticed the
following strange behavior:
I set an RSA private key with e=0x10001 to generate a signature. This
generation process was successful and the expected signature was generated.
Now, when using the very same TFM with the already set private key and perform
a signature verification on the previously generated signature failed.
After some experiments, I found that I had to set e=0x0000000 ... 10001 where
the size of e is equal to the size of n. Still, signature generation passed.
And now, using the same TFM with the set private key, the signature
verification passed too.
How come that there is a dissimilar handling of e regarding signature
generation and verification?