<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style>
</head>
<body lang="EN-NZ" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Hi<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Since I’m writing a small provider, I’m reading the OpenSSL provider source to use as a learning tool. Today, I noticed something strange in the RSA key management here:
<a href="https://github.com/openssl/openssl/blob/3307338e26862070eaacad6ec7537a63a63b8a90/providers/implementations/keymgmt/rsa_kmgmt.c#L115-L133">
https://github.com/openssl/openssl/blob/3307338e26862070eaacad6ec7537a63a63b8a90/providers/implementations/keymgmt/rsa_kmgmt.c#L115-L133</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The rsa_has() method is written like this:<o:p></o:p></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">static int rsa_has(const void *keydata, int selection)<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">{<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">    const RSA *rsa = keydata;<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">    int ok = 1;<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ"><o:p> </o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">    if (rsa == NULL || !ossl_prov_is_running())<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">        return 0;<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">    if ((selection & RSA_POSSIBLE_SELECTIONS) == 0)<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">        return 1; /* the selection is not missing */<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ"><o:p> </o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">    /* OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS are always available even if empty */<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">        ok = ok && (RSA_get0_e(rsa) != NULL);<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">        ok = ok && (RSA_get0_n(rsa) != NULL);<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">        ok = ok && (RSA_get0_d(rsa) != NULL);<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">    return ok;<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">}<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">But I think selection of <span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">
OSSL_KEYMGMT_SELECT_KEYPAIR </span>and<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ"> OSSL_KEYMGMT_SELECT_PUBLIC_KEY
</span>should be like this:<o:p></o:p></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">        ok = ok && (RSA_get0_n(rsa) != NULL);<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:15.0pt;background:white;vertical-align:middle">
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">        ok = ok && (RSA_get0_e(rsa) != NULL);<o:p></o:p></span></p>
<p class="MsoNormal">An RSA public key is the pair (e,n) and the private key is (d,n). `n` is the common part, so I think in the case of
<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ">
OSSL_KEYMGMT_SELECT_KEYPAIR</span>, we need to check that `n` is not null, not `e`, and we need to check `e` for the public key. The current<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ"> rsa_has()
</span>returns 1 if the RSA structure has `d` and `e` but no `n` and we use the<span style="font-size:9.0pt;font-family:Consolas;color:#24292F;mso-fareast-language:EN-NZ"> OSSL_KEYMGMT_SELECT_PRIVATE_KEY
</span>selection, which I think is incorrect.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">What do you think? Do you think it is a bug too?<o:p></o:p></p>
</div>
<hr>
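<p>Added example, not part of the original message and not OpenSSL code: a stand-alone C model of the two selection checks discussed above, so the effect of the KEYPAIR mask (PUBLIC_KEY | PRIVATE_KEY) can be compared case by case. The <code>toy_rsa</code> struct, <code>toy_has()</code> and <code>compare()</code> are hypothetical names, and the value of RSA_POSSIBLE_SELECTIONS is an assumption because the message does not quote it.</p>

```c
/* Selection bits from OpenSSL's include/openssl/core_dispatch.h. */
#define OSSL_KEYMGMT_SELECT_PRIVATE_KEY      0x01
#define OSSL_KEYMGMT_SELECT_PUBLIC_KEY       0x02
#define OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS 0x80
#define OSSL_KEYMGMT_SELECT_KEYPAIR \
    (OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
/* Assumption: this macro from rsa_kmgmt.c is not quoted in the message. */
#define RSA_POSSIBLE_SELECTIONS \
    (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS)

/* Hypothetical stand-in for RSA: 1 = component is set, 0 = it is NULL. */
struct toy_rsa { int n, e, d; };

/*
 * proposed == 0: checks in the order of the quoted rsa_has()
 *                (e under KEYPAIR, n under PUBLIC_KEY).
 * proposed == 1: the variant suggested in the message
 *                (n under KEYPAIR, e under PUBLIC_KEY).
 * The ossl_prov_is_running() and NULL-key checks are left out of the model.
 */
static int toy_has(const struct toy_rsa *rsa, int selection, int proposed)
{
    int ok = 1;
    int under_keypair = proposed ? rsa->n : rsa->e;
    int under_public = proposed ? rsa->e : rsa->n;

    if ((selection & RSA_POSSIBLE_SELECTIONS) == 0)
        return 1; /* the selection is not missing */
    /* KEYPAIR is a two-bit mask, so this fires for PUBLIC or PRIVATE alone. */
    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
        ok = ok && under_keypair;
    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
        ok = ok && under_public;
    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
        ok = ok && rsa->d;
    return ok;
}

/* Packs both answers: bit 1 = as quoted, bit 0 = as proposed. */
static int compare(int n, int e, int d, int selection)
{
    struct toy_rsa k = { n, e, d };
    return (toy_has(&k, selection, 0) * 2) | toy_has(&k, selection, 1);
}

int main(void)
{
    /* Case from the message: d and e set, n missing, private-key selection. */
    return compare(0, 1, 1, OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 2 ? 0 : 1;
}
```

<p>In this model the case from the message (d and e set, no n, PRIVATE_KEY selected) is accepted by the quoted order and rejected by the proposed one, while a key holding only n and d with PRIVATE_KEY selected is rejected by the quoted order and accepted by the proposed one.</p>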
</body>
</html>