Fix the LCM computation in the RSA multiprime key check

[openssl.git] / crypto / rsa / rsa_chk.c

diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c
index f2fc89285bd27d344a5ae3fc1b1a20db0910759b..73ac607da94897c84cea98a67eca89acbc2cb464 100644 (file)
--- a/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
@@ -124,13 +124,17 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
         ret = -1;
         goto err;
     }
+    if (!BN_div(m, NULL, l, m, ctx)) { /* remainder is 0 */
+        ret = -1;
+        goto err;
+    }
     for (idx = 0; idx < ex_primes; idx++) {
         pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
         if (!BN_sub(k, pinfo->r, BN_value_one())) {
             ret = -1;
             goto err;
         }
-        if (!BN_mul(l, l, k, ctx)) {
+        if (!BN_mul(l, m, k, ctx)) {
             ret = -1;
             goto err;
         }
@@ -138,12 +142,12 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
             ret = -1;
             goto err;
         }
+        if (!BN_div(m, NULL, l, m, ctx)) { /* remainder is 0 */
+            ret = -1;
+            goto err;
+        }
     }
-    if (!BN_div(k, NULL, l, m, ctx)) { /* remainder is 0 */
-        ret = -1;
-        goto err;
-    }
-    if (!BN_mod_mul(i, key->d, key->e, k, ctx)) {
+    if (!BN_mod_mul(i, key->d, key->e, m, ctx)) {
         ret = -1;
         goto err;
     }