diff options
author | Tomas Mraz <tomas@openssl.org> | 2021-04-08 19:27:06 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-04-15 09:23:18 +0200 |
commit | 7e43baed2a4cc050b301650c4a45ebdd54a30b5f (patch) | |
tree | ba88ce8f2a22394ee7329de560f4011730abcb2a /providers | |
parent | 85fcc3fb777c527a614e58c23609210a9edf893b (diff) |
Do not allow creating empty RSA keys by duplication
Also avoid crashing in rsa_get_params on empty keys.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/keymgmt/rsa_kmgmt.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index f0d1896ec0..a075c54487 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -306,15 +306,16 @@ static int rsa_get_params(void *key, OSSL_PARAM params[]) const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); int rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); OSSL_PARAM *p; + int empty = RSA_get0_n(rsa) == NULL; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL - && !OSSL_PARAM_set_int(p, RSA_bits(rsa))) + && (empty || !OSSL_PARAM_set_int(p, RSA_bits(rsa)))) return 0; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL - && !OSSL_PARAM_set_int(p, RSA_security_bits(rsa))) + && (empty || !OSSL_PARAM_set_int(p, RSA_security_bits(rsa)))) return 0; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL - && !OSSL_PARAM_set_int(p, RSA_size(rsa))) + && (empty || !OSSL_PARAM_set_int(p, RSA_size(rsa)))) return 0; /* @@ -648,7 +649,9 @@ static void *rsapss_load(const void *reference, size_t reference_sz) static void *rsa_dup(const void *keydata_from, int selection) { - if (ossl_prov_is_running()) + if (ossl_prov_is_running() + /* do not allow creating empty keys by duplication */ + && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) return ossl_rsa_dup(keydata_from, selection); return NULL; } |