[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Rich Salz
rsalz at openssl.org
Mon Mar 6 15:02:56 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via 0d41526f4f76b2f9384540503c21e8ef41e1fbbb (commit)
from 0b6b011fc6d6f5034dfc197750057a8b1977f526 (commit)
- Log -----------------------------------------------------------------
commit 0d41526f4f76b2f9384540503c21e8ef41e1fbbb
Author: Rich Salz <rsalz at openssl.org>
Date: Mon Mar 6 09:54:17 2017 -0500
Fix an endless loop in rsa_builtin_keygen.
And add a test case.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2757)
(cherry picked from commit 697958313ba48c8ebc832ab8f9f2b845fb7acfd4)
-----------------------------------------------------------------------
Summary of changes:
crypto/rsa/rsa_gen.c | 23 +++++++++++------------
test/recipes/15-test_genrsa.t | 26 ++++++++++++++++++++++++++
2 files changed, 37 insertions(+), 12 deletions(-)
create mode 100644 test/recipes/15-test_genrsa.t
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 0d1d56b..4ced965 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -43,6 +43,16 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
int bitsp, bitsq, ok = -1, n = 0;
BN_CTX *ctx = NULL;
+ /*
+ * When generating ridiculously small keys, we can get stuck
+ * continually regenerating the same prime values.
+ */
+ if (bits < 16) {
+ ok = 0; /* we set our own err */
+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+ }
+
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
@@ -94,21 +104,10 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
if (!BN_GENCB_call(cb, 3, 0))
goto err;
for (;;) {
- /*
- * When generating ridiculously small keys, we can get stuck
- * continually regenerating the same prime values. Check for this and
- * bail if it happens 3 times.
- */
- unsigned int degenerate = 0;
do {
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
goto err;
- } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
- if (degenerate == 3) {
- ok = 0; /* we set our own err */
- RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
+ } while (BN_cmp(rsa->p, rsa->q) == 0);
if (!BN_sub(r2, rsa->q, BN_value_one()))
goto err;
if (!BN_gcd(r1, r2, rsa->e, ctx))
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
new file mode 100644
index 0000000..cc74e30
--- /dev/null
+++ b/test/recipes/15-test_genrsa.t
@@ -0,0 +1,26 @@
+#! /usr/bin/env perl
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_genrsa");
+
+plan tests => 5;
+
+is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8");
+ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '16'])), "genrsa -3 16");
+ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check");
+ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', '16'])), "genrsa -f4 16");
+ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check");
+unlink 'genrsatest.pem';
More information about the openssl-commits
mailing list