EVP: Check that key methods aren't foreign when exporting

[openssl.git] / crypto / rsa / rsa_ameth.c

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 71aa435bd72b1aa81abe53f56c75707b0dcb3af3..3411b734e5e9d415c1eb06c93f90f7770b0e19e0 100644 (file)
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -1092,6 +1092,13 @@ static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
     OSSL_PARAM *params = NULL;
     int rv = 0;
 
+    /*
+     * If the RSA method is foreign, then we can't be sure of anything, and
+     * can therefore not export or pretend to export.
+     */
+    if (RSA_get_method(rsa) != RSA_PKCS1_OpenSSL())
+        return 0;
+
     /* Public parameters must always be present */
     if (n == NULL || e == NULL)
         goto err;
@@ -1120,7 +1127,13 @@ static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
         numexps = sk_BIGNUM_const_num(exps);
         numcoeffs = sk_BIGNUM_const_num(coeffs);
 
-        if (numprimes < 2 || numexps < 2 || numcoeffs < 1)
+        /*
+         * It's permisssible to have zero primes, i.e. no CRT params.
+         * Otherwise, there must be at least two, as many exponents,
+         * and one coefficient less.
+         */
+        if (numprimes != 0
+            && (numprimes < 2 || numexps < 2 || numcoeffs < 1))
             goto err;
 
         /* assert that an OSSL_PARAM_BLD has enough space. */