Fix the LCM computation in the RSA multiprime key check

Fixes #20693

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20708)

diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c
index f2fc89285bd27d344a5ae3fc1b1a20db0910759b..73ac607da94897c84cea98a67eca89acbc2cb464 100644 (file)
--- a/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
@@ -124,13 +124,17 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
         ret = -1;
         goto err;
     }
+    if (!BN_div(m, NULL, l, m, ctx)) { /* remainder is 0 */
+        ret = -1;
+        goto err;
+    }
     for (idx = 0; idx < ex_primes; idx++) {
         pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
         if (!BN_sub(k, pinfo->r, BN_value_one())) {
             ret = -1;
             goto err;
         }
-        if (!BN_mul(l, l, k, ctx)) {
+        if (!BN_mul(l, m, k, ctx)) {
             ret = -1;
             goto err;
         }
@@ -138,12 +142,12 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
             ret = -1;
             goto err;
         }
+        if (!BN_div(m, NULL, l, m, ctx)) { /* remainder is 0 */
+            ret = -1;
+            goto err;
+        }
     }
-    if (!BN_div(k, NULL, l, m, ctx)) { /* remainder is 0 */
-        ret = -1;
-        goto err;
-    }
-    if (!BN_mod_mul(i, key->d, key->e, k, ctx)) {
+    if (!BN_mod_mul(i, key->d, key->e, m, ctx)) {
         ret = -1;
         goto err;
     }

diff --git a/test/recipes/15-test_mp_rsa.t b/test/recipes/15-test_mp_rsa.t
index 2ab4e56f93510ea88aa1d69378f29ce11fb722d0..ffaf36cd52ffde902822b5b26a269748670be90d 100644 (file)
--- a/test/recipes/15-test_mp_rsa.t
+++ b/test/recipes/15-test_mp_rsa.t
@@ -35,10 +35,13 @@ my @test_param = (
     },
 );
 
-plan tests => 1 + scalar(@test_param) * 5 * 2;
+plan tests => 2 + scalar(@test_param) * 5 * 2;
 
 ok(run(test(["rsa_mp_test"])), "running rsa multi prime test");
 
+ok(run(app(['openssl', 'pkey', '-noout', '-check', '-in',
+            data_file('rsamplcm.pem')])), "checking lcm in key check");
+
 my $cleartext = data_file("plain_text");
 
 # genrsa

diff --git a/test/recipes/15-test_mp_rsa_data/rsamplcm.pem b/test/recipes/15-test_mp_rsa_data/rsamplcm.pem
new file mode 100644 (file)
index 0000000..3196ea0
--- /dev/null
+++ b/test/recipes/15-test_mp_rsa_data/rsamplcm.pem
@@ -0,0 +1,55 @@
+-----BEGIN PRIVATE KEY-----
+MIIJ3gIBADANBgkqhkiG9w0BAQEFAASCCcgwggnEAgEBAoICAQChMJM44ZMm2OQI
+eKTnSEFib0cmahfRV8Byh5fKbcliL8aHRx9IJskg72JRiFfwnsWCYfsrrNzSAY4B
+phPE4gZzdN45HTc32rvSzxImNBiIvhA3duzMmFwWBO9RBrNNZQZI3HJ/P3S0iNfV
+ZvJz75ClJaQOtXrF9yluBaoFW7spRfMQNXqvYqZXXYMfx8KiQ62FWPEmQOAYrArn
+PgB58LJKPAP2d2TwhEKGYjfi45zWAb4GUhCVYqXev/zQyW+oyvhcxlSSrtfmyFpU
+7q7crI8ZLz7DLelG2jx5Z83+IiOahIRtENma2Ct+2e0dnH+vrq6eVRiKaHnmBwrR
+oR9Oot13kSUhHsYekWDqZDkeAUNxCnoV9Op/I/vsON6fBXKa2N/sICRDihJGLdaN
+/Ust2z+Jrn1BBAVEaJVZeePiPJSb6JtVW66erhfkxhyLx17mTNF5v1VRK+M8ZdVt
+WUxNCisSCVi3aEVQ5hpcVmOgynR3f1rEDO4WuoOoq/CrE6ESr/2qvmetkXgpOnxQ
+s5XZlE5pbB7Xtfkc0rtEmy23RGywq5MzF0N088h7b3cN1i6rXWbAKwBeCXY9POK0
+lxPydRwsQsnS9W2qkMLMjIHXJlarpxKUtY+XWr0U9BL4x6qrNAMhSZUjTkUil8Y8
+PFYwVLmQNKj6tAM7Ab0IsQax4YszcQIDAQABAoIB/28iCS5bdr6XPY7+N3CvU6hI
+EiDK5PHFQDKqb/xRT0ImyEWBPOrEUwRvE8FJFdiSnxK9fL7fTZoMVVDMKv5GeV5u
+w5qPfqsPO7S9cu/ZbYGvRgOWHtbJMhvg7i5iOilbXQPLYWvJchQ6nV3NIHl6utcu
+SwRue0FGz+dhbIxZBYMB8z87PFxgBDKvLQgY6JspArGQL0U//5QmWF7H/JqJynfu
+WvH3GSy819y7S8XFXgQGytalUue8sa9am9ROBlFRy21HuoSZskKTmT5XB43lO18g
+jTYZBO8loHG5lihn0BbDfIehckhYMCz/qFJrdln/kCe+6kx78fhzixXOhQxANKnR
+dOHP2V5xsTix/Y3RvRL/yBGaPEDBIFMmFGDV8z7cAtF9gI+iSJUjR1dDNNoBgarc
+oCj99p+A0BV5AaJKeO7pumMHqNs1Xh+uZTyx2s4E9TeI2Yhf28AJS+h7bWnIIuua
+qe9ajptul2QuVlD05dqzZq+QjHhSpP1IbRQsosFYDwZDFklsaFMJ1gzmlNWGFGp1
+yDKmZhUCuYF0q8p5g4nixnVGcWe6wzPQv2tPrijKAX78als0HhjACoJXwVbohkPo
+4vhdUtIquUmZmGzlELMhEcjiqLCzOx01jhPiy3cHCxIkgjL7+sy2P/DNziOyFZPC
+m56Uif62o8CVDGcPN1ECgYEA+GJmtHmVQaoYXwR6l7aYFtuScMJuDZwLQ3hafV8W
+Fa7/it0F9UD+H0RC1Jn8vN55oeDD45Hw/9yxGUkdWYPh0gcMsl5PkOL5BVD62aM9
+wn2WZ2FqOdrZ0iZzXks7WC6gTWf4CNqIR6f8BfMoj6Xj81fq+KqSmuD9uqLWMPkL
+vzcCgYEAxRTNf1AbZhTmMkMIRO1oJbFzu4kW3tUG+MQFT3A3+dPxHn0fDkOmFkNe
+unrMPLCrJTDfNPBBQuI1NMTz9URoIcFoiyMqUvmwWLf1NlfXVJnA/SMeLsJuw749
+G5y4Tv+o8p8XeeH4/B8WKujqZeWD3l6y632GPqKNUQ1ilcv6kosCgYEA5GhInem4
+cVvjcW0C9wR4M3zS21JQNb+rM+42+Fc6TdJRN/csBW4wwbvZ4PuByISlQVEZkemg
+vwjI6sGrdaerP6Iv8M59SHUQHe1r4DsXDgTDDGoubulrqK6nJKz1849c5hGXqzya
+WZqGTUpfoEkip6HPd8ATdM01Ri173ikGvl0CgYBTj3Vt1H45cwUDLI62At7UlH+Y
+dRCgXDw/f4Us4EyrfWRPZAel2aLy74+bi3NLDDEUbLtGy9Mv049xl0xEosNwBHwZ
++kf4tGtDwoOSjf37ndFIwvoKI2ApWGC6c2FmBVoRvMiMYfZal6eje+veVkjqIMbF
+uAwSRIOcaQtyrfDI7wKBgBNLowhr4m5L+p2D2SMx/BEmBl04L+HNBWQ0Pf3/RTc3
+/vDwgI9wF6w4lG+gpKNwp+UGT8zdASzSxjo9aV2PgfXwqNap9hKfnyvvjUdF2WDm
+ysBOmjbbU+03UvVFJrRMxltN8cu+jfX4R6HdxiiPF2n/PzW7kcE+SbdcysSUmnJX
+MIIDHjCCAYsCgYEA+7KNCLZLbS/LtgxW6XHcysuudvnS5ivdXguxio8kUpmkhEaC
+JHgDgrDXTUBDK9VHqY/uUY9obWjYthWR+MmUJ+isQIyIdujFbFsgvO9YyuPoBvWw
+9PTPMk32GE9XfYhy866pE+UpON4dLkaZfU6POYTPafCN1KEQ/xVjF5LdI7UCgYEA
+jAyTsQ9N9NktboR7L7XtduHSl9z2XqB1skirZz+ypEtdYUSiUYx915BynEdvmMo5
+771oi/VR098NBnQGHvp696HdhqUroY5vm5UxKC+9plcd2hGHfyVgzMrYbjpnoi/0
+VmcPKUTPpRbiAcfCzBiUVRrzFi2FnZRpkqXh11IevikCgYANVNtUnTAYTUM2PKTX
+NSKgUF3idCans2yotCl6xkCm0NA5+pj+Lqd54yF54JNif7VdCLQQP7cBsGst93L9
+Gwk0vNbntpdfjprmsF6xerXmkzmyHROVWbHyavpaeoJpKBZdgh/HcFaP1n6BkI70
+Kqn5H3HVhb623tXPNAGRcuRShDCCAYsCgYEA23ytxzFECsxJR+48k+1B4RRb8mS3
+dTDPm/+hwWDOAGSouv5iHtlCbzHtJJZHAXrJe9zXE6t0G5u6GUsB/SkIMo++pj0P
+48Ol/vXUJP4mPJXUrWMJGndEUQwlygmm1CkN6+CLCYvfU//gS06ePqqagipL41nk
+6NTLchQfhAh31DECgYAwOtBw4emCuessbDRRiSQd0nx14h3SGZy1OdIQjTYXLgdJ
+t9ZV0wXfK0hh7sfBknqtxhRY1ScZXfnhzvKr75VGjwGkw+w272oNgXVRf6tlSsNG
+Kmn4r9aKPLIdGEvZeP//IgNLYLn9Wk+uHKN3P8Pd8G9mkP1VEFV4RuW5/KZgMQKB
+gQCRkPn1I58UdGpQf5HzOLsZYWfsoj1RlYUULVCynM9V1FD6uiVeS3VlXNUXAZZj
+wQGJF3jx1/xnG5kIpcORq+5t3Oz+Qe6KAOmLyu0R9AUrlreTtHLBFBFLyjXJ/p+O
+BiCxZMc6HI7nc0pY8bdcKv/vw7mKRGNuuiZ7+KvWLAX9Pg==
+-----END PRIVATE KEY-----