This avoids the Ruby error. *************************************************** issue: RSA key with even exponent or 1 does not conform to RFC 3447 (PKCS#1) try e.g. openssl rsa -check with this key -----BEGIN RSA PRIVATE KEY----- MCUCAQACBQCHXk81AgEBAgEBAgMA90MCAwCMJwIBAQIBAQIDALXJ -----END RSA PRIVATE KEY-----
solution: add additional checks and use the already defined error constant RSA_R_BAD_E_VALUE for it patches:
--- openssl-1.0.1-beta1/crypto/rsa/rsa_chk.c 2002-12-08 06:24:25.000000000 +0100
+++ openssl-1.0.1-beta1.patch/crypto/rsa/rsa_chk.c 2012-01-06 09:03:27.372609300 +0100
@@ -74,5 +74,13 @@
 goto err;
 }
-
+
+ /* e > 1? */
+ r = BN_is_one(key->e);
+ if (r == 1)
+ {
+ ret = 0;
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_BAD_E_VALUE);
+ }
+
 /* p prime? */
 r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
--- openssl-1.0.1-beta1/crypto/rsa/rsa_pmeth.c 2012-01-02 19:16:39.000000000 +0100
+++ openssl-1.0.1-beta1.patch/crypto/rsa/rsa_pmeth.c 2012-01-06 09:03:27.388234800 +0100
@@ -519,6 +519,9 @@
 case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
- if (!p2)
+ if ( (!p2) || (!BN_is_odd((BIGNUM*)p2)) || BN_is_one((BIGNUM*)p2) )
+ {
+ RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_BAD_E_VALUE);
 return -2;
+ }
 rctx->pub_exp = p2;
 return 1;
______________________________________________________________________
OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
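Review bot: The check added to rsa_chk.c rejects only e == 1, although the report and the rsa_pmeth.c hunk both treat an even exponent as invalid too. An even e therefore never gets RSA_R_BAD_E_VALUE from the key check and is caught, if at all, only by later tests that lie outside this hunk. Testing both conditions, e.g. `if (BN_is_one(key->e) || !BN_is_odd(key->e))`, would make the key check and the keygen control report the same error for the same bad exponent. The enclosing function starts and ends outside the hunk, so whether key->e has already been checked for NULL at this point cannot be confirmed from here.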
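Review bot: The new guard under EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP in rsa_pmeth.c does not look at the sign of p2, and BN_is_odd appears to test only the low bit, so a negative odd value would likely still be stored in rctx->pub_exp. Adding `|| BN_is_negative((BIGNUM*)p2)` to the condition closes that gap. A short comment such as `/* public exponent must be odd and greater than 1 */` above the test would state the rule the three conditions implement. The surrounding switch is outside the hunk, so how callers interpret the -2 return for a bad value, as opposed to an unsupported operation, should be checked against the other cases.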