Fix for RSA private key encryption if p < q. This took ***ages*** to track down.

diff --git a/CHANGES b/CHANGES
index 7abe7b57368d6e6a334e5aa152c258ef2dbd7185..277b54083429d232cf973821f1f0257917c629b7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,11 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Fix to RSA private encryption routines: if p < q then it would
+     occasionally produce an invalid result. This will only happen with
+     externally generated keys because OpenSSL (and SSLeay) ensure p > q.
+     [Steve Henson]
+
   *) Be less restrictive and allow also `perl util/perlpath.pl
      /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',
      because this way one can also use an interpreter named `perl5' (which is

diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 19f61f3bece35239b329d468c480f7227a4a5f92..609ec04a4c87fddfdfccb3b093496b7fea7fdbe4 100644 (file)
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -473,6 +473,15 @@ RSA *rsa;
 
        if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
        if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
+       /* If p < q it is occasionally possible for the correction of
+         * adding 'p' if r0 is negative above to leave the result still
+        * negative. This can break the private key operations: the following
+        * second correction should *always* correct this rare occurrence.
+        * This will *never* happen with OpenSSL generated keys because
+         * they ensure p > q [steve]
+         */
+       if (r0->neg)
+               if (!BN_add(r0,r0,rsa->p)) goto err;
        if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
        if (!BN_add(r0,&r1,&m1)) goto err;