commit c859ed40828bf808e83a3f437c2e34c9c843a4c3
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Fri Feb 9 14:07:34 2024 +0100

COMMON: Fix implicit rejection with RSA keys with empty CKA_PRIVATE_EXPONENT

An RSA key object that has no CKA_PRIVATE_EXPONENT may either not have that
attribute at all, or may have an empty CKA_PRIVATE_EXPONENT attribute.
Both situations should be handled the same, and the private exponent of the
key needs to be calculated from the other key components.

Note that RSA key objects generated with a current soft or ICA token will
always have a valid CKA_PRIVATE_EXPONENT attribute, since this is provided
during key generation.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

diff --git a/usr/lib/common/mech_openssl.c b/usr/lib/common/mech_openssl.c
index da515289..14c82e2d 100644
--- a/usr/lib/common/mech_openssl.c
+++ b/usr/lib/common/mech_openssl.c
@@ -5160,7 +5160,8 @@ CK_RV openssl_specific_rsa_derive_kdk(STDLL_TokData_t *tokdata, OBJECT *key_obj,
rc = template_attribute_get_non_empty(key_obj->template,
CKA_PRIVATE_EXPONENT, &priv_exp_attr);
- if (rc != CKR_OK && rc != CKR_TEMPLATE_INCOMPLETE) {
+ if (rc != CKR_OK && rc != CKR_TEMPLATE_INCOMPLETE &&
+ rc != CKR_ATTRIBUTE_VALUE_INVALID) {
TRACE_ERROR("Failed to get CKA_PRIVATE_EXPONENT\n");
goto out;
}
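
Review bot: The widened check at "rc != CKR_ATTRIBUTE_VALUE_INVALID" now lets three different return codes fall through, and nothing in the visible lines shows that priv_exp_attr is left NULL when template_attribute_get_non_empty() reports an empty value. If the code after this block decides whether to recompute the private exponent by testing the pointer, it would be safer to test rc, or to reset priv_exp_attr to NULL for the two tolerated codes, so that an empty attribute can never be taken as the input for the KDK derivation. A short comment above the condition stating which tolerated code stands for "attribute absent" and which for "attribute present but empty" would make the intent readable without the commit message, and the TRACE_ERROR line could include rc so the remaining failure cases are distinguishable in a trace.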