diff options
author | Richard Levitte <levitte@openssl.org> | 2020-08-18 23:00:24 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-08-20 07:50:55 +0200 |
commit | 26a8f2ac95ad4f652b1719aab356ad9c042c6fad (patch) | |
tree | fb201b21e5a9c5da29c3c40f08c79216d462bb36 /crypto/rsa | |
parent | e6ed04a9dcc2ead94e35c4a7400b9c998b5ad9ac (diff) |
RSA: Fix rsa_todata() to only add params for existing data
The RSA key could be a public key, and yet, rsa_todata() always tries
to add the private parts as well. The resulting parameters will look
a bit odd, such as a zero |d|, resulting in an invalid key.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12676)
Diffstat (limited to 'crypto/rsa')
-rw-r--r-- | crypto/rsa/rsa_backend.c | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index 985a21127a..871aa17a22 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c @@ -120,6 +120,10 @@ int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d); rsa_get0_all_params(rsa, factors, exps, coeffs); + if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n) + || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e)) + goto err; + /* Check private key data integrity */ if (rsa_d != NULL) { int numprimes = sk_BIGNUM_const_num(factors); @@ -134,18 +138,18 @@ int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) if (numprimes != 0 && (numprimes < 2 || numexps < 2 || numcoeffs < 1)) goto err; - } - if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n) - || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e) - || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D, rsa_d) - || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_factor_names, - factors) - || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_exp_names, - exps) - || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_coeff_names, - coeffs)) + if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D, + rsa_d) + || !ossl_param_build_set_multi_key_bn(bld, params, + rsa_mp_factor_names, factors) + || !ossl_param_build_set_multi_key_bn(bld, params, + rsa_mp_exp_names, exps) + || !ossl_param_build_set_multi_key_bn(bld, params, + rsa_mp_coeff_names, coeffs)) goto err; + } + #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) /* The acvp test results are not meant for export so check for bld == NULL */ if (bld == NULL) |