Fix SegFault in RSAOpenSsl::ImportParameters caused by calling RSA_size when no Modulus was provided.

bartonjs · bartonjs · commit 73cbbddf7636 · 2015-06-11T08:00:10.000-07:00
In addition to ensuring that Modulus is present, complete verification of the RSAParameters input object to pass the rest of the invalid input tests. Even though OpenSSL's default RSA engine can process private key operations with only D, for compatibility on Windows D requires the rest of { P, DP, Q, DQ, InverseQ }.  Additionally, none of the "extra" private key parameters can be present without D.
diff --git a/src/System.Security.Cryptography.RSA/src/Internal/Cryptography/RsaOpenSsl.cs b/src/System.Security.Cryptography.RSA/src/Internal/Cryptography/RsaOpenSsl.cs
@@ -145,6 +145,8 @@ public override RSAParameters ExportParameters(bool includePrivateParameters)
         
         public override unsafe void ImportParameters(RSAParameters parameters)
         {
+            ValidateParameters(ref parameters);
+
             SafeRsaHandle key = Interop.libcrypto.RSA_new();
             bool imported = false;
 
@@ -209,6 +211,35 @@ private void FreeKey()
             }
         }
 
+        private static void ValidateParameters(ref RSAParameters parameters)
+        {
+            if (parameters.Modulus == null || parameters.Exponent == null)
+                throw new CryptographicException(SR.Argument_InvalidValue);
+
+            if (parameters.D == null)
+            {
+                if (parameters.P != null ||
+                    parameters.DP != null ||
+                    parameters.Q != null ||
+                    parameters.DQ != null ||
+                    parameters.InverseQ != null)
+                {
+                    throw new CryptographicException(SR.Argument_InvalidValue);
+                }
+            }
+            else
+            {
+                if (parameters.P == null ||
+                    parameters.DP == null ||
+                    parameters.Q == null ||
+                    parameters.DQ == null ||
+                    parameters.InverseQ == null)
+                {
+                    throw new CryptographicException(SR.Argument_InvalidValue);
+                }
+            }
+        }
+
         private static void CheckInvalidKey(SafeRsaHandle key)
         {
             if (key == null || key.IsInvalid)
