Hi there,
I've taken ownership of this ticket (#86) for now, but I don't think it'll last long. IMHO, this "bug" is not a bug. If you look at the implementation of RSA_check_key() you'll realise that this function is designed to test an RSA key structure - not just the essential key elements (n,e,d) but all the performance-enhancing extras too; the primes and the CRT bits. This function is not useful on public keys nor is it useful on HSM keys, for obvious reasons. Why are you calling this function when using a hardware key? If you want to provide a convincing argument for why an alternative key check function might be useful, we could perhaps look at supplementing the API insteal. Eg. are you looking for something like; RSA_check_public_key()? Right now I can't see the current behaviour of RSA_check_key() as representing a bug. It may not be intuitive, but I'm reluctant to change the behaviour of the existing API function (breaking compatibility) for that reason alone. I have changed the status of this ticket to 'stalled', but will refrain from closing it for now. OTOH: if you agree with my interpretation, please let me know and I'll close this. Regards, Geoff -- Geoff Thorpe, RT/openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
