From 066189666a3d2ddcbc1a858efc523d577c5fdff6 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Mon, 10 Jan 2022 00:03:02 +0000
Subject: [PATCH] Check that the RSA exponent is neither even nor 1 in
 RSA_check_key()

Part of OpenSSL commit 464d59a5

ok inoguchi jsing
---
 lib/libcrypto/rsa/rsa_chk.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/libcrypto/rsa/rsa_chk.c b/lib/libcrypto/rsa/rsa_chk.c
index 337728d61e7..807eae084eb 100644
--- a/lib/libcrypto/rsa/rsa_chk.c
+++ b/lib/libcrypto/rsa/rsa_chk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_chk.c,v 1.14 2022/01/07 09:55:32 tb Exp $ */
+/* $OpenBSD: rsa_chk.c,v 1.15 2022/01/10 00:03:02 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
@@ -81,6 +81,15 @@ RSA_check_key(const RSA *key)
 		goto err;
 	}
 
+	if (BN_is_one(key->e)) {
+		ret = 0;
+		RSAerror(RSA_R_BAD_E_VALUE);
+	}
+	if (!BN_is_odd(key->e)) {
+		ret = 0;
+		RSAerror(RSA_R_BAD_E_VALUE);
+	}
+
 	/* p prime? */
 	r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
 	if (r != 1) {
-- 
2.20.1