1 files changed, 38 insertions, 0 deletions

diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 1a30607a67..0c91aac493 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -3306,6 +3306,37 @@ fail:
 	return ret;
 }
 
+static int calc_rsa_priv(gnutls_pk_params_st * params)
+{
+	bigint_t lcm, p1, q1;
+	int ret;
+
+	params->params[RSA_PRIV] = NULL;
+
+	ret = _gnutls_mpi_init_multi(&params->params[RSA_PRIV], &lcm, &p1, &q1, NULL);
+	if (ret < 0)
+		return gnutls_assert_val(ret);
+
+	/* lcm(p - 1, q - 1) */
+	mpz_sub_ui(p1, params->params[RSA_PRIME1], 1);
+	mpz_sub_ui(q1, params->params[RSA_PRIME2], 1);
+	mpz_lcm(lcm, p1, q1);
+
+	zrelease_mpi_key(&p1);
+	zrelease_mpi_key(&q1);
+
+	/* d = e^{-1} (mod lcm) */
+	ret = mpz_invert(params->params[RSA_PRIV], params->params[RSA_PUB], lcm);
+
+	zrelease_mpi_key(&lcm);
+
+	if (ret == 0) {
+		zrelease_mpi_key(&params->params[RSA_PRIV]);
+		return GNUTLS_E_INVALID_REQUEST;
+	}
+
+	return 0;
+}
 
 static int
 wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
@@ -3320,6 +3351,13 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
 	if (algo == GNUTLS_PK_RSA) {
 		struct rsa_private_key priv;
 
+		if (params->params[RSA_PRIV] == NULL) {
+			ret = calc_rsa_priv(params);
+			if (ret < 0)
+				return gnutls_assert_val(ret);
+			params->params_nr++;
+		}
+
 		/* do not trust the generated values. Some old private keys
 		 * generated by us have mess on the values. Those were very
 		 * old but it seemed some of the shipped example private