Fix for RSA private key encryption if p < q. This took ***ages*** to track down.

author: Dr. Stephen Henson <steve@openssl.org> 1999-03-11 03:42:13 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 1999-03-11 03:42:13 +0100
commit: abd4c915271d8660f52e5e8c5b6abc9deed1302a (patch)
tree: 3c2a9fa95c3e7bec297a067bb0e0566854f23beb /crypto/rsa/rsa_eay.c
parent: Just cosmetics: replace a tab with a normal space because (diff)
download: openssl-abd4c915271d8660f52e5e8c5b6abc9deed1302a.tar.xz
openssl-abd4c915271d8660f52e5e8c5b6abc9deed1302a.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 19f61f3bec..609ec04a4c 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -473,6 +473,15 @@ RSA *rsa;
 
 	if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
 	if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
+	/* If p < q it is occasionally possible for the correction of
+         * adding 'p' if r0 is negative above to leave the result still
+	 * negative. This can break the private key operations: the following
+	 * second correction should *always* correct this rare occurrence.
+	 * This will *never* happen with OpenSSL generated keys because
+         * they ensure p > q [steve]
+         */
+	if (r0->neg)
+		if (!BN_add(r0,r0,rsa->p)) goto err;
 	if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
 	if (!BN_add(r0,&r1,&m1)) goto err;
author	Dr. Stephen Henson <steve@openssl.org>	1999-03-11 03:42:13 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	1999-03-11 03:42:13 +0100
commit	abd4c915271d8660f52e5e8c5b6abc9deed1302a (patch)
tree	3c2a9fa95c3e7bec297a067bb0e0566854f23beb /crypto/rsa/rsa_eay.c
parent	Just cosmetics: replace a tab with a normal space because (diff)
download	openssl-abd4c915271d8660f52e5e8c5b6abc9deed1302a.tar.xz openssl-abd4c915271d8660f52e5e8c5b6abc9deed1302a.zip