In message <[EMAIL PROTECTED]> on Thu, 25 Mar 2004 10:35:38 -0500, Geoff Thorpe <[EMAIL PROTECTED]> said:
geoff> The only thing that would genuinely change the landscape of geoff> this issue IMHO would be to rerig the RSA API to allow input geoff> lengths to be specified independantly of the modulus/output geoff> length. Right now, output buffers are supplied without a length geoff> parameter and the API has no choice but to assume this matches geoff> the input length, and the problems stem from there. But I geoff> think this is more trouble for less gain than most people would geoff> be willing to take on :-) To begin with, I think the correct interpretation is that the output buffer is required to have the same size as the modulus, so logically, an output size parameter isn't required except for checking purposes. I guess that allowing an input size that's smaller than the modulus size could be doable, but isn't adviceable for security reasons or something like that... ----- Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte \ Tunnlandsvägen 52 \ [EMAIL PROTECTED] [EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-708-26 53 44 \ SWEDEN \ Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
