Daiki Ueno writes:
> ni...@lysator.liu.se (Niels Möller) writes:
>
>>   if (mpz_sizeinbase(m, 2) > bits)
>>     goto cleanup;
>>
>> (one might also move initial size checks before the allocations).
> I think the above check is too rigid, since it is based on bit-length,
> it
ni...@lysator.liu.se (Niels Möller) writes:
>> + /* Check "integer too long" error of I2OSP. */
>> + if (key_size < nettle_mpz_sizeinbase_256_u(m))
>> +goto cleanup;
>> +
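Review bot: the comment on the first added line uses the acronym I2OSP without saying where it comes from; name the source (the integer-to-octet-string primitive in RFC 8017, section 4.1) so the reason for the check is clear to a reader of the code. The condition would also read more directly with the computed size on the left, as in `nettle_mpz_sizeinbase_256_u(m) > key_size`, and the `goto cleanup;` line has lost its indentation under the `if`.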
>
> I don't understand the I2OSP acronym. And I think this check would be
> more explicit as
>
> if
Daiki Ueno writes:
> Nikos told me that there is a case where RSA-PSS signature verification
> leads to an assertion failure:
>
> bignum.c:120: nettle_mpz_get_str_256: Assertion
> `nettle_mpz_sizeinbase_256_u(x) <= length' failed.
>
> I thought it wouldn't be possible because
Hello,
Nikos told me that there is a case where RSA-PSS signature verification
leads to an assertion failure:
bignum.c:120: nettle_mpz_get_str_256: Assertion
`nettle_mpz_sizeinbase_256_u(x) <= length' failed.
I thought it wouldn't be possible because 'x' is already rounded by the
RSA modulus
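Added example, not part of the original thread and not Nettle's code: a sketch of the I2OSP length rule from RFC 8017 (sections 4.1 and 8.1.2), showing that a value already reduced by the modulus can still be one octet too long for the PSS encoded message when the modulus bit length minus one is a multiple of 8. The function names and the toy modulus are constructed for illustration.

```python
# Added illustration (not Nettle code). Follows RFC 8017: I2OSP (section 4.1)
# and the length rule of RSASSA-PSS-VERIFY (section 8.1.2).
# The modulus below is a constructed toy value, far too small for real use.

def i2osp(x: int, length: int) -> bytes:
    """Integer-to-octet-string; raises on the "integer too long" case."""
    if x < 0 or x >= 256 ** length:
        raise ValueError("integer too long")
    return x.to_bytes(length, "big")

def pss_em_len(n: int) -> int:
    """emLen = ceil((modBits - 1) / 8); one less than the key size in
    octets when modBits - 1 is a multiple of 8."""
    return (n.bit_length() - 1 + 7) // 8

def recover_em(s: int, e: int, n: int):
    """Return the encoded message for signature s, or None (invalid
    signature) instead of failing when m does not fit in emLen octets."""
    if not 0 <= s < n:
        return None                      # signature representative out of range
    m = pow(s, e, n)                     # m < n, but m may still need k octets
    try:
        return i2osp(m, pss_em_len(n))
    except ValueError:
        return None                      # "integer too long": reject, do not abort

def count_rejected(e: int, n: int) -> int:
    """Number of in-range signature values rejected by the length check."""
    return sum(recover_em(s, e, n) is None for s in range(n))

# Constructed 17-bit modulus: key size k = 3 octets, emLen = 2 octets.
TOY_N = 257 * 263
TOY_E = 3

if __name__ == "__main__":
    k = (TOY_N.bit_length() + 7) // 8
    print("k =", k, "emLen =", pss_em_len(TOY_N))
    print("rejected:", count_rejected(TOY_E, TOY_N), "of", TOY_N)
```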