Changes between 0.9.3a and 0.9.4 [xx Jul/Aug/...? 1999]
+ *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
+ method only got called if p,q,dmp1,dmq1,iqmp components were present,
+ otherwise bn_mod_exp was called. In the case of hardware keys for example
+ no private key components need be present and it might store extra data
+ in the RSA structure, which cannot be accessed from bn_mod_exp. By setting
+ RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for private key
+ operations.
+ [Steve Henson]
+
*) Added support for SPARC Linux.
[Andy Polyakov]
OpenSSL STATUS Last modified at
- ______________ $Date: 1999/07/25 12:19:02 $
+ ______________ $Date: 1999/07/27 21:58:06 $
DEVELOPMENT STATE
o Steve is currently working on (in no particular order):
Proper (or at least usable) certificate chain verification.
- Documentation on X509 V3 extension code.
- PKCS #8 and PKCS#5 v2.0 support.
Private key, certificate and CRL API and implementation.
Checking and bugfixing PKCS#7 (S/MIME code).
BIGNUM *dmp1;
BIGNUM *dmq1;
BIGNUM *iqmp;
- /* be carefull using this if the RSA structure is shared */
+ /* be careful using this if the RSA structure is shared */
CRYPTO_EX_DATA ex_data;
int references;
int flags;
#define RSA_FLAG_CACHE_PRIVATE 0x04
#define RSA_FLAG_BLINDING 0x08
#define RSA_FLAG_THREAD_SAFE 0x10
+/* This flag means the private key operations will be handled by rsa_mod_exp
+ * and that they do not depend on the private key components being present:
+ * for example a key stored in external hardware. Without this flag bn_mod_exp
+ * gets called when private key components are absent.
+ */
+#define RSA_FLAG_EXT_PKEY 0x20
#define RSA_PKCS1_PADDING 1
#define RSA_SSLV23_PADDING 2
if (rsa->flags & RSA_FLAG_BLINDING)
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
- if ( (rsa->p != NULL) &&
+ if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+ ((rsa->p != NULL) &&
(rsa->q != NULL) &&
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
- (rsa->iqmp != NULL))
+ (rsa->iqmp != NULL)) )
{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
else
{
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
/* do the decrypt */
- if ( (rsa->p != NULL) &&
+ if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+ ((rsa->p != NULL) &&
(rsa->q != NULL) &&
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
- (rsa->iqmp != NULL))
+ (rsa->iqmp != NULL)) )
{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
else
{
projects / openssl.git / commitdiff