SEGV with RSA blinding turned on

[Dave Chamness]

With RSA blinding turned on (as is the default with the latest
security patches from SuSE, RedHat, etc.), I am getting a SEGV in
BN_num_bits() from a call to RSA_private_decrypt(). If I turn off
blinding, with RSA_blinding_off(), everything works again. I think
I'm using the API correctly with this test program below. Anybody see
anything obviously wrong here?

#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/err.h>

int
main()
{
int i, ret;
u_char buf[132], buf2[132];
RSA *rsa, *pri, *pub;

if ((rsa = RSA_generate_key(1024, RSA_F4, 0, 0)) == NULL) {
fprintf(stderr, "RSA_generate_key: error %ld\n",
ERR_get_error());
exit(1);
}

if ((pri = RSA_new()) == NULL) {
fprintf(stderr, "RSA_new: error %ld\n",
ERR_get_error());
exit(1);
}

pri->n = BN_dup(rsa->n);
pri->d = BN_dup(rsa->d);
pri->p = BN_dup(rsa->p);
pri->q = BN_dup(rsa->q);
pri->dmp1 = BN_dup(rsa->dmp1);
pri->dmq1 = BN_dup(rsa->dmq1);
pri->iqmp = BN_dup(rsa->iqmp);

if ((pub = RSA_new()) == NULL) {
fprintf(stderr, "RSA_new: error %ld\n",
ERR_get_error());
exit(1);
}

pub->n = BN_dup(rsa->n);
pub->e = BN_dup(rsa->e);

RSA_free(rsa);

memset(buf, 0, sizeof(buf));

printf("testing encryption with password \"testing\"\n");
if ((ret = RSA_public_encrypt(7, (u_char *)"testing", buf,
pub, RSA_PKCS1_OAEP_PADDING)) < 0) {
fprintf(stderr, "RSA_public_encrypt: error %ld\n",
ERR_get_error());
exit(1);
}

memset(buf2, 0, sizeof(buf2));
#if 0
RSA_blinding_off(pri);
#endif
if ((ret = RSA_private_decrypt(ret, buf, buf2, pri,
RSA_PKCS1_OAEP_PADDING)) < 0) {
fprintf(stderr, "RSA_private_decrypt: error %ld\n",
ERR_get_error());
exit(1);
}

printf("decrypted password is \"%s\"\n", buf2);

RSA_free(pri);
RSA_free(pub);
exit(0);
}