RSA: Fix rsa_todata() to only add params for existing data

The RSA key could be a public key, and yet, rsa_todata() always tries to add the private parts as well. The resulting parameters will look a bit odd, such as a zero |d|, resulting in an invalid key. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12676)
author: Richard Levitte <levitte@openssl.org> 2020-08-18 23:00:24 +0200
committer: Richard Levitte <levitte@openssl.org> 2020-08-20 07:50:55 +0200
commit: 26a8f2ac95ad4f652b1719aab356ad9c042c6fad (patch)
tree: fb201b21e5a9c5da29c3c40f08c79216d462bb36 /crypto/rsa
parent: e6ed04a9dcc2ead94e35c4a7400b9c998b5ad9ac (diff)
1 files changed, 14 insertions, 10 deletions
diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c
index 985a21127a..871aa17a22 100644
--- a/crypto/rsa/rsa_backend.c
+++ b/crypto/rsa/rsa_backend.c
@@ -120,6 +120,10 @@ int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
     RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
     rsa_get0_all_params(rsa, factors, exps, coeffs);
 
+    if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n)
+        || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e))
+        goto err;
+
     /* Check private key data integrity */
     if (rsa_d != NULL) {
         int numprimes = sk_BIGNUM_const_num(factors);
@@ -134,18 +138,18 @@ int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
         if (numprimes != 0
             && (numprimes < 2 || numexps < 2 || numcoeffs < 1))
             goto err;
-    }
 
-    if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n)
-        || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e)
-        || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D, rsa_d)
-        || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_factor_names,
-                                              factors)
-        || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_exp_names,
-                                              exps)
-        || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_coeff_names,
-                                              coeffs))
+        if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D,
+                                     rsa_d)
+            || !ossl_param_build_set_multi_key_bn(bld, params,
+                                                  rsa_mp_factor_names, factors)
+            || !ossl_param_build_set_multi_key_bn(bld, params,
+                                                  rsa_mp_exp_names, exps)
+            || !ossl_param_build_set_multi_key_bn(bld, params,
+                                                  rsa_mp_coeff_names, coeffs))
         goto err;
+    }
+
 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
     /* The acvp test results are not meant for export so check for bld == NULL */
     if (bld == NULL)
author	Richard Levitte <levitte@openssl.org>	2020-08-18 23:00:24 +0200
committer	Richard Levitte <levitte@openssl.org>	2020-08-20 07:50:55 +0200
commit	26a8f2ac95ad4f652b1719aab356ad9c042c6fad (patch)
tree	fb201b21e5a9c5da29c3c40f08c79216d462bb36 /crypto/rsa
parent	e6ed04a9dcc2ead94e35c4a7400b9c998b5ad9ac (diff)