Florian Weimer wrote:
> 
> 
> Thanks for addressing this issue.  The current fix for RSA-CRT, i.e.
> 
> +       if (rsa->e && rsa->n)
> +               {
> +               if (!meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
> +               if (BN_cmp(I, &vrfy) != 0)
> +                       {
> +                       if (!meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
> +                       }
> +               }
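
Review bot: The fallback call `meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)` inside the mismatch branch uses rsa->d, but the enclosing guard tests only rsa->e and rsa->n. If d can be absent for a key that carries only the CRT components, add rsa->d to the condition or take the error path instead of passing it through. The guard also skips the comparison silently when e or n is missing, so a comment at the `if (rsa->e && rsa->n)` line saying that such keys get no result verification would help anyone filling in the structure by hand.
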
> 
> is not activated if the key material doesn't provide n.  Wouldn't it
> be a good idea to calculate n = pq if it's not present?
> 
> Of course, calculating e is not so easy, but it should be possible to
> derive it as well (from d and q).
> 
> OTOH, it's probably faster to calculate n = pq and not to rely on CRT at
> all.
> 

Well, that will only happen if an application is filling in the structure
manually. We could add a comment saying that n and e should always be
included unless it's some hardware-based solution and it's known to check
the result.

Other things such as certificate requests and making self-signed
certificates won't work if n and e aren't present.

The normal routines that populate an RSA structure from a PKCS#1
RSAPrivateKey structure will always include e and n.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
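
The check discussed in this thread, as an added example that is not part of the original messages or of the OpenSSL source: a toy RSA-CRT private operation that re-encrypts the result with e and falls back to a plain m^d mod n on mismatch, and that shows what happens when n is absent. Python integers stand in for the BN API; the names `make_key`, `crt_exp`, `private_op`, `fault` and `derive_n` and the key parameters are assumptions constructed for illustration.

```python
# Toy RSA-CRT private operation with the result check from the quoted patch.
# Constructed parameters (two Mersenne primes); not a real key.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537

def make_key(include_n=True):
    """Build a key dict; include_n=False models a hand-filled structure lacking n."""
    d = pow(E, -1, (P - 1) * (Q - 1))
    key = {"p": P, "q": Q, "e": E, "d": d,
           "dmp1": d % (P - 1), "dmq1": d % (Q - 1), "iqmp": pow(Q, -1, P)}
    if include_n:
        key["n"] = P * Q
    return key

def crt_exp(key, m, fault=False):
    """m^d via CRT; fault=True flips one bit of the mod-p half (simulated glitch)."""
    s_p = pow(m % key["p"], key["dmp1"], key["p"])
    s_q = pow(m % key["q"], key["dmq1"], key["q"])
    if fault:
        s_p ^= 1
    h = (key["iqmp"] * (s_p - s_q)) % key["p"]   # Garner recombination
    return s_q + h * key["q"]

def private_op(key, m, fault=False, derive_n=False):
    """Return (result, status): 'verified', 'fallback' or 'unchecked'."""
    r0 = crt_exp(key, m, fault)
    n, e = key.get("n"), key.get("e")
    if n is None and derive_n:
        n = key["p"] * key["q"]          # suggestion from the thread: n = pq
    if e and n:                          # same guard as the patch
        if pow(r0, e, n) != m:           # re-encrypt and compare with the input
            return pow(m, key["d"], n), "fallback"   # plain m^d mod n, no CRT
        return r0, "verified"
    return r0, "unchecked"               # check skipped: result returned as computed
```

With n missing and `derive_n` left off, the faulty CRT result is returned with status `unchecked`, which is the gap raised in the quoted message.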
