New RSA flag RSA_FLAG_EXT_PKEY, to always call rsa_mod_exp.

CHANGES

@@ -4,6 +4,15 @@
 
  Changes between 0.9.3a and 0.9.4  [xx Jul/Aug/...? 1999]
 
+  *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
+     method only got called if p,q,dmp1,dmq1,iqmp components were present,
+     otherwise bn_mod_exp was called. In the case of hardware keys for example
+     no private key components need be present and it might store extra data
+     in the RSA structure, which cannot be accessed from bn_mod_exp. By setting
+     RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for private key
+     operations.
+     [Steve Henson]
+
   *) Added support for SPARC Linux.
      [Andy Polyakov]
 

STATUS

@@ -1,6 +1,6 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 1999/07/25 12:19:02 $
+  ______________                           $Date: 1999/07/27 21:58:06 $
 
   DEVELOPMENT STATE
 
@@ -27,8 +27,6 @@
 
     o Steve is currently working on (in no particular order):
         Proper (or at least usable) certificate chain verification.
-        Documentation on X509 V3 extension code.
-	PKCS #8 and PKCS#5 v2.0 support.
 	Private key, certificate and CRL API and implementation.
 	Checking and bugfixing PKCS#7 (S/MIME code).
 

crypto/rsa/rsa.h

@@ -108,7 +108,7 @@ struct rsa_st
 	BIGNUM *dmp1;
 	BIGNUM *dmq1;
 	BIGNUM *iqmp;
-	/* be carefull using this if the RSA structure is shared */
+	/* be careful using this if the RSA structure is shared */
 	CRYPTO_EX_DATA ex_data;
 	int references;
 	int flags;
@@ -133,6 +133,12 @@ struct rsa_st
 #define RSA_FLAG_CACHE_PRIVATE		0x04
 #define RSA_FLAG_BLINDING		0x08
 #define RSA_FLAG_THREAD_SAFE		0x10
+/* This flag means the private key operations will be handled by rsa_mod_exp
+ * and that they do not depend on the private key components being present:
+ * for example a key stored in external hardware. Without this flag bn_mod_exp
+ * gets called when private key components are absent.
+ */
+#define RSA_FLAG_EXT_PKEY		0x20
 
 #define RSA_PKCS1_PADDING	1
 #define RSA_SSLV23_PADDING	2

crypto/rsa/rsa_eay.c

@@ -205,11 +205,12 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from,
 	if (rsa->flags & RSA_FLAG_BLINDING)
 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
 
-	if (	(rsa->p != NULL) &&
+	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+		((rsa->p != NULL) &&
 		(rsa->q != NULL) &&
 		(rsa->dmp1 != NULL) &&
 		(rsa->dmq1 != NULL) &&
-		(rsa->iqmp != NULL))
+		(rsa->iqmp != NULL)) )
 		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
 	else
 		{
@@ -278,11 +279,12 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
 
 	/* do the decrypt */
-	if (	(rsa->p != NULL) &&
+	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+		((rsa->p != NULL) &&
 		(rsa->q != NULL) &&
 		(rsa->dmp1 != NULL) &&
 		(rsa->dmq1 != NULL) &&
-		(rsa->iqmp != NULL))
+		(rsa->iqmp != NULL)) )
 		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
 	else
 		{