This avoids the Ruby error.
***************************************************
issue:
An RSA key whose public exponent is even or equal to 1 does not conform to RFC 3447 (PKCS#1)
try e.g.
openssl rsa -check
with this key
-----BEGIN RSA PRIVATE KEY-----
MCUCAQACBQCHXk81AgEBAgEBAgMA90MCAwCMJwIBAQIBAQIDALXJ
-----END RSA PRIVATE KEY-----
solution:
add additional checks and use the already defined error constant
RSA_R_BAD_E_VALUE for it
patches:
--- openssl-1.0.1-beta1/crypto/rsa/rsa_chk.c 2002-12-08 06:24:25.000000000
+0100
+++ openssl-1.0.1-beta1.patch/crypto/rsa/rsa_chk.c 2012-01-06
09:03:27.372609300 +0100
@@ -74,5 +74,13 @@
goto err;
}
-
+
+ /* e > 1? */
+ r = BN_is_one(key->e);
+ if (r == 1)
+ {
+ ret = 0;
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_BAD_E_VALUE);
+ }
+
/* p prime? */
r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
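Review bot: The comment says `e > 1?`, but the added test only rejects e == 1, so an even or zero exponent is not reported as RSA_R_BAD_E_VALUE here, although the keygen control in rsa_pmeth.c also tests BN_is_odd. A later check in the function, outside this hunk, may still fail such a key, but that would not give the caller the specific error. Testing both conditions keeps the two files consistent: `if (BN_is_one(key->e) || !BN_is_odd(key->e))`. RSA_check_key begins and continues outside the hunk, so whether key->e is guaranteed non-NULL at this point cannot be confirmed from here.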
--- openssl-1.0.1-beta1/crypto/rsa/rsa_pmeth.c 2012-01-02
19:16:39.000000000 +0100
+++ openssl-1.0.1-beta1.patch/crypto/rsa/rsa_pmeth.c 2012-01-06
09:03:27.388234800 +0100
@@ -519,6 +519,9 @@
case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
- if (!p2)
+ if ( (!p2) || (!BN_is_odd((BIGNUM*)p2)) ||
BN_is_one((BIGNUM*)p2) )
+ {
+ RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_BAD_E_VALUE);
return -2;
+ }
rctx->pub_exp = p2;
return 1;
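Review bot: A negative odd exponent still passes the new condition in the EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP case, because it is odd and BN_is_one is false for it. Adding `|| BN_is_negative((BIGNUM*)p2)` would make the test match the intended rule of e odd and greater than 1. A one-line comment above the condition, such as `/* public exponent must be odd and > 1 */`, would record that rule next to the code. The enclosing switch starts and ends outside the hunk.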