After successful RSA key generation, the 'pairwise consistency check routine' in pk11skey.c shows some decent, nevertheless lethal, differences for the sign/verify vs. the encrypt/decrypt test code branch.
While the sign/verify branch falls back to some 'try-and-error-test-signing' in order to get the modulus length right, there is no such thing in the encrypt/decrypt test. Is there a specific reason for not to fall back to a 'try-and-error-test-decrypt' operation?
IMHExperience, this reduces the chances to perform a successful key generation with various PKCS#11 tokens dramatically ;)
Since the NSS code actually just wants to know the _length_ of the modulus, why do you not use the appropriate attribute CKA_MODULUS_BITS instead of the indirect length calculation via the CKA_MODULUS value?
Proposal: Set, let's say, get_modulus_bits(key, attr) first in both the sign and decrypt branches' fallback chains.
Regards
Martin
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
