authorNiels Möller <nisse@lysator.liu.se>2021-06-08 21:32:38 +0200
committerNiels Möller <nisse@lysator.liu.se>2021-06-08 21:32:38 +0200
commitc80961c646b0962ab152619ac0a7c6a21850a380 (patch)
tree5630616bfb4ceb3704e329aa6a8afdf37b10f546 /rsa.h
parentcd6059aebdd3059fbcf674dddb850b821c13b6c2 (diff)
downloadnettle-c80961c646b0962ab152619ac0a7c6a21850a380.tar.gz
Add input check to rsa_decrypt family of functions.
(cherry picked from commit 0ad0b5df315665250dfdaa4a1e087f4799edaefe)
Diffstat (limited to 'rsa.h')
-rw-r--r--rsa.h5
1 files changed, 3 insertions, 2 deletions
diff --git a/rsa.h b/rsa.h
index 3b10155f..2dd35a2d 100644
--- a/rsa.h
+++ b/rsa.h
@@ -428,13 +428,14 @@ rsa_sec_decrypt(const struct rsa_public_key *pub,
size_t length, uint8_t *message,
const mpz_t gibberish);
-/* Compute x, the e:th root of m. Calling it with x == m is allowed. */
+/* Compute x, the e:th root of m. Calling it with x == m is allowed.
+ It is required that 0 <= m < n. */
void
rsa_compute_root(const struct rsa_private_key *key,
mpz_t x, const mpz_t m);
/* Safer variant, using RSA blinding, and checking the result after
- CRT. */
+ CRT. It is required that 0 <= m < n. */
int
rsa_compute_root_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
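Review bot: The precondition `0 <= m < n` added to the comments on rsa_compute_root and rsa_compute_root_tr does not say who enforces it or what happens when it is violated, and `n` is not named in either prototype. rsa_compute_root receives only a `struct rsa_private_key`; if that struct does not carry the modulus, the comment should say where n comes from, for example `It is required that 0 <= m < n, where n is the modulus of the corresponding public key.` For rsa_compute_root_tr, which returns int and takes `pub`, the comment should state whether an out-of-range m produces a failure return or is purely a caller obligation, since callers passing untrusted ciphertext need to know whether they must range-check first. This view is limited to rsa.h, so the implementation's behaviour cannot be confirmed from here, and the rsa_compute_root_tr prototype continues past the end of the hunk.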