Don't crash when decrypting with public keys.

Public and private RSA keys have the same type in OpenSSL, so it's
probably prudent for us to catch this case with an error rather than
crash. (As we do if you, say, configure RSA-PSS parameters on an Ed25519
EVP_PKEY.) Bindings libraries, in particular, tend to hit this sort of
then when their callers do silly things.

Change-Id: I2555e9bfe716a9f15273abd887a8459c682432dd
Reviewed-on: https://boringssl-review.googlesource.com/17325
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2017-06-22 10:53:25 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent 6fff386492
commit e55b32ddff
2 changed files with 21 additions and 0 deletions

View File

@ -533,6 +533,11 @@ err:
int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in, int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in,
size_t len) { size_t len) {
if (rsa->n == NULL || rsa->d == NULL) {
OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING);
return 0;
}
BIGNUM *f, *result; BIGNUM *f, *result;
BN_CTX *ctx = NULL; BN_CTX *ctx = NULL;
unsigned blinding_index = 0; unsigned blinding_index = 0;

View File

@ -697,6 +697,22 @@ TEST(RSATest, BlindingDisabled) {
RSA_verify(NID_sha256, kZeros, sizeof(kZeros), sig, sig_len, rsa.get())); RSA_verify(NID_sha256, kZeros, sizeof(kZeros), sig, sig_len, rsa.get()));
} }
// Test that decrypting with a public key fails gracefully rather than crashing.
TEST(RSATest, DecryptPublic) {
bssl::UniquePtr<RSA> pub(
RSA_public_key_from_bytes(kFIPSPublicKey, sizeof(kFIPSPublicKey) - 1));
ASSERT_TRUE(pub);
ASSERT_EQ(1024u / 8u, RSA_size(pub.get()));
size_t len;
uint8_t in[1024 / 8] = {0}, out[1024 / 8];
EXPECT_FALSE(RSA_decrypt(pub.get(), &len, out, sizeof(out), in, sizeof(in),
RSA_PKCS1_PADDING));
uint32_t err = ERR_get_error();
EXPECT_EQ(ERR_LIB_RSA, ERR_GET_LIB(err));
EXPECT_EQ(RSA_R_VALUE_MISSING, ERR_GET_REASON(err));
}
#if !defined(BORINGSSL_SHARED_LIBRARY) #if !defined(BORINGSSL_SHARED_LIBRARY)
TEST(RSATest, SqrtTwo) { TEST(RSATest, SqrtTwo) {
bssl::UniquePtr<BIGNUM> sqrt(BN_new()), pow2(BN_new()); bssl::UniquePtr<BIGNUM> sqrt(BN_new()), pow2(BN_new());