From 63073aa3d389500251fcda9bcb0eb3e9d4774f3d Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Mon, 27 Nov 2017 15:33:18 +0000
Subject: [PATCH] Don't require P,Q in rsa_private in case of non-blinded non-CRT

For non-CRT, P and Q are only used for the purpose of blinding the exponent.
---
 library/rsa.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/rsa.c b/library/rsa.c
index 56f434563..35ace85c5 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -437,8 +437,8 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
 if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 ||
 mbedtls_mpi_cmp_int( &ctx->D, 0 ) == 0 ||
 mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 ||
- mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ||
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 )
+ ( f_rng != NULL && mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ) ||
+ ( f_rng != NULL && mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 ) )
 {
 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 }
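Review bot: The relaxed P/Q test on the two added lines is keyed only on `f_rng != NULL`, while the commit message restricts the relaxation to the non-CRT case. No `MBEDTLS_RSA_NO_CRT` guard is visible in this hunk, so if the check is also compiled into CRT builds, a context with P or Q unset and `f_rng == NULL` would pass it and reach code that needs both primes. The body of `mbedtls_rsa_private` starts and ends outside the hunk; if it does not already rule that out, the P/Q test should stay unconditional when CRT is enabled. A comment above the condition would also help, for example `/* P and Q are only needed for exponent blinding (f_rng != NULL); without them the operation runs unblinded, i.e. without the timing side-channel countermeasure. */`, because a key imported as N, D, E alone can now only be used without blinding.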