[Botan-devel] Bug: Dropping leading zeros

Jack Lloyd lloyd at randombit.net
Fri May 28 12:28:13 EDT 2010


On Fri, May 28, 2010 at 06:09:26PM +0200, Rickard Bellgrim wrote:

> Hmm, but shouldn't Botan enforce that the input data has the same
> length as the modulus? Then Botan does not have to pad it with
> leading zeros and then you also get the correct data back when you
> decrypt it, since Botan knows the modulus size.

Maybe. Really the main reason for the Raw support (beyond testing) is
the ability to use an encoding that isn't supported by Botan. And a
few old protocols do use RSA without padding with short strings, for
instance SSHv1, and likely there are various custom protocols floating
around that also do this. To allow such things to be implemented in
Botan, I didn't want to add any restrictions along these lines.

If you're going to be exposing raw RSA to callers, you could enforce
the length restriction yourself; call max_input_bits() on the key and
round down to the nearest byte.

-Jack
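
The caller-side length restriction suggested in the message above, as an added example that is not part of the original post and is not Botan code. The helper names are hypothetical, the value of max_input_bits() is passed in as a plain number (39 is a constructed sample), and minimal_encoding() only stands in for the leading-zero loss named in the subject line.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// Fixed block length: the key's max_input_bits() rounded down to whole bytes.
std::size_t raw_block_bytes(std::size_t max_input_bits) {
    return max_input_bits / 8;
}

// Accept only inputs that are exactly one block long, so the receiver
// always knows how many bytes the plaintext had.
void require_full_block(const Bytes& in, std::size_t max_input_bits) {
    if (in.size() != raw_block_bytes(max_input_bits))
        throw std::invalid_argument("raw RSA input must be exactly one block");
}

// Stand-in (assumption) for what a raw operation hands back: the value is
// treated as an integer, so leading zero bytes do not survive.
Bytes minimal_encoding(const Bytes& in) {
    std::size_t i = 0;
    while (i < in.size() && in[i] == 0) ++i;
    return Bytes(in.begin() + static_cast<std::ptrdiff_t>(i), in.end());
}

// Left-pad a raw result with zeros back to the fixed block length.
Bytes restore_block(const Bytes& out, std::size_t max_input_bits) {
    const std::size_t n = raw_block_bytes(max_input_bits);
    if (out.size() > n)
        throw std::length_error("raw RSA output longer than one block");
    Bytes padded(n - out.size(), 0);
    padded.insert(padded.end(), out.begin(), out.end());
    return padded;
}

int main() {
    const std::size_t bits = 39;             // constructed sample value
    const Bytes msg = {0x00, 0x00, 0x01, 0x02};  // constructed sample input
    require_full_block(msg, bits);           // 39 / 8 = 4 bytes, accepted
    const Bytes lossy = minimal_encoding(msg);
    const Bytes fixed = restore_block(lossy, bits);
    std::printf("lossy=%zu bytes, restored=%zu bytes, equal=%d\n",
                lossy.size(), fixed.size(), fixed == msg);
    return 0;
}
```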


