diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-03-11 02:42:13 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-03-11 02:42:13 +0000 |
commit | abd4c915271d8660f52e5e8c5b6abc9deed1302a (patch) | |
tree | 3c2a9fa95c3e7bec297a067bb0e0566854f23beb /crypto/rsa | |
parent | 47c389e7ccca966c903b6ce1b036efb7ad1f81bd (diff) | |
download | openssl-abd4c915271d8660f52e5e8c5b6abc9deed1302a.zip openssl-abd4c915271d8660f52e5e8c5b6abc9deed1302a.tar.gz openssl-abd4c915271d8660f52e5e8c5b6abc9deed1302a.tar.bz2 |
Fix for RSA private key encryption if p < q. This took ***ages*** to track down.
Diffstat (limited to 'crypto/rsa')
-rw-r--r-- | crypto/rsa/rsa_eay.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 19f61f3..609ec04 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -473,6 +473,15 @@ RSA *rsa; if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err; if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err; + /* If p < q it is occasionally possible for the correction of + * adding 'p' if r0 is negative above to leave the result still + * negative. This can break the private key operations: the following + * second correction should *always* correct this rare occurrence. + * This will *never* happen with OpenSSL generated keys because + * they ensure p > q [steve] + */ + if (r0->neg) + if (!BN_add(r0,r0,rsa->p)) goto err; if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err; if (!BN_add(r0,&r1,&m1)) goto err; |