Fix check_fips for public keys and synchronize the EC and RSA versions.

Change-Id: Ibebf787445578608845df8861d67cd1e65ed0b35
Reviewed-on: https://boringssl-review.googlesource.com/15004
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/rsa/rsa.c b/crypto/rsa/rsa.c
index 0556bdb..1b62d03 100644
--- a/crypto/rsa/rsa.c
+++ b/crypto/rsa/rsa.c
@@ -682,7 +682,9 @@
   BN_free(&small_gcd);
   BN_CTX_free(ctx);
 
-  if (!ret) {
+  if (!ret || key->d == NULL || key->p == NULL) {
+    /* On a failure or on only a public key, there's nothing else can be
+     * checked. */
     return ret;
   }
 
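Review bot: The new early return at `if (!ret || key->d == NULL || key->p == NULL)` skips the sign/verify pairwise consistency test for more than public keys: a private key with `d` set but `p` unset also takes this path and returns whatever `ret` holds from the earlier checks. The added comment mentions only failure and public keys, so a reader cannot tell whether that exemption is intended. If only public keys should be exempt, the guard could be `if (!ret || key->d == NULL) {`, assuming signing works without the CRT components, which is not visible in this hunk. Otherwise the comment should state the wider case, for example `/* On failure, or for a public key or a private key without p, nothing else can be checked. */`. The enclosing function begins and ends outside the hunk.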
@@ -694,13 +696,13 @@
   unsigned sig_len = RSA_size(key);
   uint8_t *sig = OPENSSL_malloc(sig_len);
   if (sig == NULL) {
-    OPENSSL_PUT_ERROR(EVP, ERR_R_INTERNAL_ERROR);
+    OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
     return 0;
   }
 
   if (!RSA_sign(NID_sha256, data, sizeof(data), sig, &sig_len, key) ||
       !RSA_verify(NID_sha256, data, sizeof(data), sig, sig_len, key)) {
-    OPENSSL_PUT_ERROR(EVP, ERR_R_INTERNAL_ERROR);
+    OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
     ret = 0;
   }