Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> writes:
> The release of OpenSSL 0.9.6a beta3 and the true release have been
> delayed. The reason for the delay is mainly due to the following
> paper and the need to add a fix for the problem it describes:
>
> http://crypto.stanford.edu/~dabo/abstracts/faults.html
Thanks for addressing this issue. The current fix for RSA-CRT, i.e.
+ if (rsa->e && rsa->n)
+ {
+ if (!meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
+ if (BN_cmp(I, &vrfy) != 0)
+ {
+ if (!meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
+ }
+ }
is not activated if the key material doesn't provide n. Wouldn't it
be a good idea to calculate n = pq if it's not present?
Of course, calculating e is not so easy, but it should be possible to
derive it as well (from d and q).
OTOH, it's probably faster to calculate n = pq and not to rely CRT at
all.
--
Florian Weimer [EMAIL PROTECTED]
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]