only allow omission of precomputed RSA values in OpenSSL 3.0 and 3.1

golang-fips · Sep 4, 2024 · ef0d391 · ef0d391
1 parent 2ae7b98
commit ef0d391
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/rsa.go b/rsa.go
@@ -385,7 +385,7 @@ func newRSAKey3(isPriv bool, N, E, D, P, Q, Dp, Dq, Qinv BigInt) (C.GO_EVP_PKEY_
 	}
 	defer C.go_openssl_OSSL_PARAM_BLD_free(bld)
 
-	type bigIntParam struct{
+	type bigIntParam struct {
 		name *C.char
 		num  BigInt
 	}
@@ -400,7 +400,7 @@ func newRSAKey3(isPriv bool, N, E, D, P, Q, Dp, Dq, Qinv BigInt) (C.GO_EVP_PKEY_
 	// OpenSSL 3.0 and 3.1 required all the precomputed values if
 	// P and Q are present. See:
 	// https://github.com/openssl/openssl/pull/22334
-	if P != nil && Q != nil && Dp != nil && Dq != nil && Qinv != nil {
+	if vMinor >= 2 || (P != nil && Q != nil && Dp != nil && Dq != nil && Qinv != nil) {
 		precomputed := [...]bigIntParam{
 			{paramRSA_P, P}, {paramRSA_Q, Q},
 			{paramRSA_Dp, Dp}, {paramRSA_Dq, Dq}, {paramRSA_Qinv, Qinv},