From abd4c915271d8660f52e5e8c5b6abc9deed1302a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 11 Mar 1999 02:42:13 +0000 Subject: [PATCH] Fix for RSA private key encryption if p < q. This took ***ages*** to track down. --- CHANGES | 5 +++++ crypto/rsa/rsa_eay.c | 9 +++++++++ 2 files changed, 14 insertions(+) diff --git a/CHANGES b/CHANGES index 7abe7b5736..277b540834 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,11 @@ Changes between 0.9.1c and 0.9.2 + *) Fix to RSA private encryption routines: if p < q then it would + occasionally produce an invalid result. This will only happen with + externally generated keys because OpenSSL (and SSLeay) ensure p > q. + [Steve Henson] + *) Be less restrictive and allow also `perl util/perlpath.pl /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin', because this way one can also use an interpreter named `perl5' (which is diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 19f61f3bec..609ec04a4c 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -473,6 +473,15 @@ RSA *rsa; if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err; if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err; + /* If p < q it is occasionally possible for the correction of + * adding 'p' if r0 is negative above to leave the result still + * negative. This can break the private key operations: the following + * second correction should *always* correct this rare occurrence. + * This will *never* happen with OpenSSL generated keys because + * they ensure p > q [steve] + */ + if (r0->neg) + if (!BN_add(r0,r0,rsa->p)) goto err; if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err; if (!BN_add(r0,&r1,&m1)) goto err; -- 2.25.1