A bijou problemette in rsa.cpp. When doing the blinding when computing the RSA Private Inverse function (InvertibleRSAFunction::CalculateInverse) there is no check to ensure the random number used for blinding (r) has gcd (r,n) == 1. A a result of this there is a chance that the method will throw a ``computational error during private key operation'' exception when it need not.
It is possible to just retry the method and it'll probably work the next time but this is a slight problem. In essence, the random number chosen mustn't be a multiple of p or q. For sufficiently large p and q this is pretty rare but I tried a test case with p = 251, q = 233 and e = 3 and it blew up pretty quickly. Just for reference, 16 bit RSA does not provide the highest degree of security.... Can we call it ``export grade''? Sort of on the subject, asking Crypto++ to generate RSA keys has a possibility of creating invalid ones. Going back to my 16-bit keys (I know this is an extreme example, but it makes the probabilities higher) it can choose p = 233 and q = 211 (using e = 3 as before). With these values it is impossible to calculate d as there is no d such that ed = 1 mod phi. This is clearly unlikely for real world numbers. Comments? Jim.
