github bcgit#449 added unsafe override for poor key use.

dghgit · dghgit · commit 29bcca1b1c09 · 2019-04-24T09:03:15.000+10:00
diff --git a/core/src/main/java/org/bouncycastle/crypto/params/RSAKeyParameters.java b/core/src/main/java/org/bouncycastle/crypto/params/RSAKeyParameters.java
@@ -2,6 +2,8 @@
 
 import java.math.BigInteger;
 
+import org.bouncycastle.util.Properties;
+
 public class RSAKeyParameters
     extends AsymmetricKeyParameter
 {
@@ -39,6 +41,13 @@ public RSAKeyParameters(
 
     private BigInteger validate(BigInteger modulus)
     {
+        // If you need to set this you need to have a serious word to whoever is generating
+        // your keys.
+        if (Properties.isOverrideSet("org.bouncycastle.rsa.allow_unsafe_mod"))
+        {
+            return modulus;
+        }
+
         if ((modulus.intValue() & 1) == 0)
         {
             throw new IllegalArgumentException("RSA modulus is even");
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/RSATest.java b/core/src/test/java/org/bouncycastle/crypto/test/RSATest.java
@@ -196,6 +196,54 @@ private void testStrictPKCS1Length(RSAKeyParameters pubParameters, RSAKeyParamet
         System.getProperties().remove(PKCS1Encoding.NOT_STRICT_LENGTH_ENABLED_PROPERTY);
     }
 
+    private void testUnsafeModulusAndWrongExp()
+    {
+        try
+        {
+            try
+            {
+                new RSAKeyParameters(false, mod, pubExp.multiply(BigInteger.valueOf(2)));
+
+                fail("no exception");
+            }
+            catch (IllegalArgumentException e)
+            {
+                isTrue("RSA publicExponent is even".equals(e.getMessage()));
+            }
+
+            try
+            {
+                new RSAKeyParameters(false, mod.multiply(BigInteger.valueOf(2)), pubExp);
+
+                fail("no exception");
+            }
+            catch (IllegalArgumentException e)
+            {
+                isTrue("RSA modulus is even".equals(e.getMessage()));
+            }
+
+            try
+            {
+                new RSAKeyParameters(false, mod.multiply(BigInteger.valueOf(3)), pubExp);
+
+                fail("no exception");
+            }
+            catch (IllegalArgumentException e)
+            {
+                isTrue("RSA modulus has a small prime factor".equals(e.getMessage()));
+            }
+
+            System.setProperty("org.bouncycastle.rsa.allow_unsafe_mod", "true");
+
+            // this should now work (sigh...)
+            new RSAKeyParameters(false, mod.multiply(BigInteger.valueOf(3)), pubExp);
+        }
+        finally
+        {
+            System.clearProperty("org.bouncycastle.rsa.allow_unsafe_mod");
+        }
+    }
+
     private void testTruncatedPKCS1Block(RSAKeyParameters pubParameters, RSAKeyParameters privParameters)
     {
         checkForPKCS1Exception(pubParameters, privParameters, truncatedDataBlock, "block incorrect");
@@ -649,6 +697,7 @@ public void performTest()
         testTruncatedPKCS1Block(pubParameters, privParameters);
         testWrongPaddingPKCS1Block(pubParameters, privParameters);
         test_CVE_2017_15361();
+        testUnsafeModulusAndWrongExp();
 
         try
         {

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,8 @@`
`2`	`2`
`3`	`3`	`import java.math.BigInteger;`
`4`	`4`
	`5`	`+import org.bouncycastle.util.Properties;`
	`6`	`+`
`5`	`7`	`public class RSAKeyParameters`
`6`	`8`	`extends AsymmetricKeyParameter`
`7`	`9`	`{`
`@@ -39,6 +41,13 @@ public RSAKeyParameters(`
`39`	`41`
`40`	`42`	`private BigInteger validate(BigInteger modulus)`
`41`	`43`	`{`
	`44`	`+ // If you need to set this you need to have a serious word to whoever is generating`
	`45`	`+ // your keys.`
	`46`	`+ if (Properties.isOverrideSet("org.bouncycastle.rsa.allow_unsafe_mod"))`
	`47`	`+ {`
	`48`	`+ return modulus;`
	`49`	`+ }`
	`50`	`+`
`42`	`51`	`if ((modulus.intValue() & 1) == 0)`
`43`	`52`	`{`
`44`	`53`	`throw new IllegalArgumentException("RSA modulus is even");`