Theres no reason we should gate ossl_rsa_todata on there being a minimum
set of parameters. EVP_PKEY_todata makes no guarantees about the
validity of a key, it only returns the parameters that are set in the
requested key, whatever they may be. Remove the check.
Fixes #21935
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22334)
/* Check private key data integrity */
if (include_private && rsa_d != NULL) {
- int numprimes = sk_BIGNUM_const_num(factors);
- int numexps = sk_BIGNUM_const_num(exps);
- int numcoeffs = sk_BIGNUM_const_num(coeffs);
-
- /*
- * It's permissible to have zero primes, i.e. no CRT params.
- * Otherwise, there must be at least two, as many exponents,
- * and one coefficient less.
- */
- if (numprimes != 0
- && (numprimes < 2 || numexps < 2 || numcoeffs < 1))
- goto err;
if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D,
rsa_d)