From a9127c1d11e95fd7bcbd9df7f8e3ba74a87feafa Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Mon, 2 Dec 2019 11:25:47 +0100
Subject: [PATCH] rsa_get0_all_params(): Allow zero CRT params

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
---
 crypto/rsa/rsa_ameth.c | 8 +++++++-
 crypto/rsa/rsa_lib.c   | 4 ++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 71aa435bd7..f34eacf552 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -1120,7 +1120,13 @@ static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
         numexps = sk_BIGNUM_const_num(exps);
         numcoeffs = sk_BIGNUM_const_num(coeffs);
 
-        if (numprimes < 2 || numexps < 2 || numcoeffs < 1)
+        /*
+         * It's permisssible to have zero primes, i.e. no CRT params.
+         * Otherwise, there must be at least two, as many exponents,
+         * and one coefficient less.
+         */
+        if (numprimes != 0
+            && (numprimes < 2 || numexps < 2 || numcoeffs < 1))
             goto err;
 
         /* assert that an OSSL_PARAM_BLD has enough space. */
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 39d7f5f54a..08ce8b4ef8 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -780,6 +780,10 @@ int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
     if (r == NULL)
         return 0;
 
+    /* If |p| is NULL, there are no CRT parameters */
+    if (RSA_get0_p(r) == NULL)
+        return 1;
+
     sk_BIGNUM_const_push(primes, RSA_get0_p(r));
     sk_BIGNUM_const_push(primes, RSA_get0_q(r));
     sk_BIGNUM_const_push(exps, RSA_get0_dmp1(r));
-- 
2.25.1