OpenSSL RSA blinding assumes Euler to derive e?
wmsopou at gmail.com
Tue Aug 24 15:03:35 UTC 2021
When rsa_crpt.c needs to do blinding of the exponent d and doesn't have the
exponent e, it calculates e from d using Euler's phi function (function
rsa_get_public_exp). But what if the original exponents e and d were
generated using Carmichaels lambda function instead of Euler like the ietf
rfc stipulates? Does the Euler based blinding still work?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users