From 7e43baed2a4cc050b301650c4a45ebdd54a30b5f Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 8 Apr 2021 19:27:06 +0200 Subject: Do not allow creating empty RSA keys by duplication Also avoid crashing in rsa_get_params on empty keys. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14793) --- providers/implementations/keymgmt/rsa_kmgmt.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'providers/implementations/keymgmt') diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index f0d1896ec0..a075c54487 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -306,15 +306,16 @@ static int rsa_get_params(void *key, OSSL_PARAM params[]) const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); int rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); OSSL_PARAM *p; + int empty = RSA_get0_n(rsa) == NULL; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL - && !OSSL_PARAM_set_int(p, RSA_bits(rsa))) + && (empty || !OSSL_PARAM_set_int(p, RSA_bits(rsa)))) return 0; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL - && !OSSL_PARAM_set_int(p, RSA_security_bits(rsa))) + && (empty || !OSSL_PARAM_set_int(p, RSA_security_bits(rsa)))) return 0; if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL - && !OSSL_PARAM_set_int(p, RSA_size(rsa))) + && (empty || !OSSL_PARAM_set_int(p, RSA_size(rsa)))) return 0; /* @@ -648,7 +649,9 @@ static void *rsapss_load(const void *reference, size_t reference_sz) static void *rsa_dup(const void *keydata_from, int selection) { - if (ossl_prov_is_running()) + if (ossl_prov_is_running() + /* do not allow creating empty keys by duplication */ + && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) return ossl_rsa_dup(keydata_from, selection); return NULL; } -- cgit v1.2.3