Yes I saw the docs on that a few months and thought it was incredibly
stupid. I did some tests on the OSes I has at the time and it didn't
seem to be implemented so I left it at that.
However as your tests indicate it seems MS have actually gone and done
this.
Have you done some checks on what it actually sends to this offload
function? If it's just sending 'd' and not 'p', 'q' then its not even
using the call properly. Does this also work with "unexportable" private
keys?
I've got NT SP6A somewhere but I haven't installed it yet. I can do some
tests on that. Is the "OffloadModExpo" string in the CSPs affected so I
can do a simple initial check?
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
