diff options
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/rsa.rst | 4 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/asymmetric/rsa.py | 2 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 3 |
3 files changed, 6 insertions, 3 deletions
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index 4cf9fa78..10e48b4a 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -509,7 +509,9 @@ this without having to do the math themselves. .. note:: When recovering prime factors this algorithm will always return ``p`` - and ``q`` such that ``p < q``. + and ``q`` such that ``p > q``. Note: before 1.5, this function always + returned ``p`` and ``q`` such that ``p < q``. It was changed because + libraries commonly require ``p > q``. :return: A tuple ``(p, q)`` diff --git a/src/cryptography/hazmat/primitives/asymmetric/rsa.py b/src/cryptography/hazmat/primitives/asymmetric/rsa.py index d78b1b41..3157aed4 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/src/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -257,7 +257,7 @@ def rsa_recover_prime_factors(n, e, d): # Found ! q, r = divmod(n, p) assert r == 0 - + p, q = sorted((p, q), reverse=True) return (p, q) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index e4e43780..81e3f946 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -1985,10 +1985,11 @@ class TestRSAPrimeFactorRecovery(object): private["private_exponent"] ) # Unfortunately there is no convention on which prime should be p - # and which one q. The function we use always makes p < q, but the + # and which one q. The function we use always makes p > q, but the # NIST vectors are not so consistent. Accordingly, we verify we've # recovered the proper (p, q) by sorting them and asserting on that. assert sorted([p, q]) == sorted([private["p"], private["q"]]) + assert p > q def test_invalid_recover_prime_factors(self): with pytest.raises(ValueError): |