rsa/rsa_gen.c: ensure backward compatibility with external rsa->meth.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4770)

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index f7f60754ade6d9a91a2c4f88bcd3fe133409c02e..b092bbab434e51dec06b4eb89f9d4a6534a43f9b 100644 (file)
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -42,9 +42,22 @@ int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
                                  BIGNUM *e_value, BN_GENCB *cb)
 {
     /* multi-prime is only supported with the builtin key generation */
-    if (rsa->meth->rsa_multi_prime_keygen != NULL)
+    if (rsa->meth->rsa_multi_prime_keygen != NULL) {
         return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes,
                                                  e_value, cb);
+    } else if (rsa->meth->rsa_keygen != NULL) {
+        /*
+         * However, if rsa->meth implements only rsa_keygen, then we
+         * have to honour it in 2-prime case and assume that it wouldn't
+         * know what to do with multi-prime key generated by builtin
+         * subroutine...
+         */
+        if (primes == 2)
+            return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+        else
+            return 0;
+    }
+
     return rsa_builtin_keygen(rsa, bits, primes, e_value, cb);
 }