20131029
20131029 14:40:50 by Martin Nilsson <nilsson@opera.com>

acb174f532042f49d9542396fd8d79068d6c76d9
(20 lines)
(+13/7)
Branch: 7.9
Added some comments about RSA exponent. Changed so that instead of increasing n until GCD(phi)==1, just recalculate p and q to keep the n constant.
162: Inside #if constant(Crypto.Hash)
Gmp.mpz([object(Gmp.mpz)](q1)));
array(Gmp.mpz) gs; /* gcd(pub, phi), and pub^1 mod phi */
 Gmp.mpz pub = Gmp.mpz(
 #ifdef SSL3_32BIT_PUBLIC_EXPONENT
 random(1 << 30) 
 #endif /* SSL3_32BIT_PUBLIC_EXPONENT */
 0x10001);
+
 while ((gs = pub>gcdext2(phi))[0] != 1)
 pub += 1;
+ // For a while it was thought that small exponents were a security
+ // problem, but turned out was a padding problem. The exponent
+ // 0x10001 has however become common practice, although a smaller
+ // value would be more efficient.
+ Gmp.mpz pub = Gmp.mpz(0x10001);

+ // For security reason we need to ensure no common denominator
+ // between n and phi. We could create a different exponent, but
+ // some Crypto packages are hard coded for 0x10001, so instead
+ // we'll just start over.
+ if ((gs = pub>gcdext2(phi))[0] != 1)
+ continue;
+
if (gs[1] < 0)
gs[1] += phi;
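Review bot: the comment added above `if ((gs = pub>gcdext2(phi))[0] != 1)` says the goal is "no common denominator between n and phi", but the check is on gcd(pub, phi), which is the condition for the public exponent to have an inverse modulo phi (the value later read from gs[1]). Suggest rewording it along the lines of "the public exponent must share no common factor with phi", so it agrees with the code and with the `gcd(pub, phi)` comment on the `gs` declaration. The `continue` depends on an enclosing loop that is not visible in this hunk; it is worth confirming that p, q and phi are all regenerated at the top of that loop before this check runs again. The new `Gmp.mpz pub = Gmp.mpz(0x10001);` also drops the SSL3_32BIT_PUBLIC_EXPONENT branch of the old declaration, so a build that defines it now gets 0x10001 without notice; a line in the commit message or the comment would make that explicit.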