`RsaPrivateKey::validate()` does not ensure `precompute()` won't fail

Open fjarri opened this issue 8 months ago • 1 comments

In RsaPrivateKey::from_components(), precompute() errors are ignored because it is claimed that the previous call to validate() guarantees it succeeds.

First of all, this is not the case - there can be bugs in precompute itself. I bumped into it while working on #506. In

let q_mod_p = BoxedMontyForm::new(q_mod_p, p_params.clone());

where I accidentally typed q_params instead of p_params, so the subsequent inversion failed.

Second, what are we even achieving by ignoring the errors there? Are there valid keys for which the values cannot be precomputed? from_components() already returns a Result, we might as well just forward the precompute() error to it.

Apr 27 '25 21:04 fjarri

Ran into it in #526 as well and noted the existing comments are contradictory. If validating the public key is supposed to ensure precomputation won't fail, then we should bubble the error up if it does

Jun 16 '25 19:06 tarcieri