RT2676: Reject RSA eponent if even or 1

Also, re-organize RSA check to use goto err. Add a test case. Try all checks, not just stopping at first (via Richard Levitte) Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Rich Salz <rsalz@openssl.org> 2016-08-22 11:25:12 -0400
committer: Rich Salz <rsalz@openssl.org> 2016-08-22 11:25:12 -0400
commit: 464d59a5bb5811f7671e2bd37f41d610606b829d (patch)
tree: a5483ba43dc4d4de5330cfa7407bd5ccb2bbbd4b /crypto/rsa/rsa_pmeth.c
parent: a66234bc86a959e628e2010687c6fdf0fdbfdac3 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 767c4e7247..e503ada873 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -424,8 +424,10 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         return 1;
 
     case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
-        if (!p2)
+        if (p2 == NULL || !BN_is_odd((BIGNUM *)p2) || BN_is_one((BIGNUM *)p2)) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_BAD_E_VALUE);
             return -2;
+        }
         BN_free(rctx->pub_exp);
         rctx->pub_exp = p2;
         return 1;
author	Rich Salz <rsalz@openssl.org>	2016-08-22 11:25:12 -0400
committer	Rich Salz <rsalz@openssl.org>	2016-08-22 11:25:12 -0400
commit	464d59a5bb5811f7671e2bd37f41d610606b829d (patch)
tree	a5483ba43dc4d4de5330cfa7407bd5ccb2bbbd4b /crypto/rsa/rsa_pmeth.c
parent	a66234bc86a959e628e2010687c6fdf0fdbfdac3 (diff)