[openssl] master update

tomas at openssl.org tomas at openssl.org
Fri Aug 13 08:36:13 UTC 2021


The branch master has been updated
       via  254957f768a61c91c14d89566224173d0831c2ce (commit)
      from  a5f4099d275520caf90a28a88e889cb36683b412 (commit)


- Log -----------------------------------------------------------------
commit 254957f768a61c91c14d89566224173d0831c2ce
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Wed Aug 11 12:23:08 2021 +1000

    Allow small RSA exponents in the default provider
    
    Fixes #16255
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16285)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rsa/rsa_sp800_56b_check.c | 27 +++++++++------------------
 test/rsa_sp800_56b_test.c        | 15 +++++++++------
 2 files changed, 18 insertions(+), 24 deletions(-)

diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c
index 9b827d2872..fc8f19b487 100644
--- a/crypto/rsa/rsa_sp800_56b_check.c
+++ b/crypto/rsa/rsa_sp800_56b_check.c
@@ -218,30 +218,21 @@ int ossl_rsa_check_private_exponent(const RSA *rsa, int nbits, BN_CTX *ctx)
     return ret;
 }
 
-#ifndef FIPS_MODULE
-static int bn_is_three(const BIGNUM *bn)
-{
-    BIGNUM *num = BN_dup(bn);
-    int ret = (num != NULL && BN_sub_word(num, 3) && BN_is_zero(num));
-
-    BN_free(num);
-    return ret;
-}
-#endif /* FIPS_MODULE */
-
-/* Check exponent is odd, and has a bitlen ranging from [17..256] */
+/*
+ * Check exponent is odd.
+ * For FIPS also check the bit length is in the range [17..256]
+ */
 int ossl_rsa_check_public_exponent(const BIGNUM *e)
 {
+#ifdef FIPS_MODULE
     int bitlen;
 
-    /* For legacy purposes RSA_3 is allowed in non fips mode */
-#ifndef FIPS_MODULE
-    if (bn_is_three(e))
-        return 1;
-#endif /* FIPS_MODULE */
-
     bitlen = BN_num_bits(e);
     return (BN_is_odd(e) && bitlen > 16 && bitlen < 257);
+#else
+    /* Allow small exponents larger than 1 for legacy purposes */
+    return BN_is_odd(e) && BN_cmp(e, BN_value_one()) > 0;
+#endif /* FIPS_MODULE */
 }
 
 /*
diff --git a/test/rsa_sp800_56b_test.c b/test/rsa_sp800_56b_test.c
index 033983d58e..f5df0e4955 100644
--- a/test/rsa_sp800_56b_test.c
+++ b/test/rsa_sp800_56b_test.c
@@ -104,26 +104,29 @@ static BIGNUM *bn_load_new(const unsigned char *data, int sz)
     return ret;
 }
 
+/* Check that small rsa exponents are allowed in non FIPS mode */
 static int test_check_public_exponent(void)
 {
     int ret = 0;
     BIGNUM *e = NULL;
 
     ret = TEST_ptr(e = BN_new())
-          /* e is too small */
-          && TEST_true(BN_set_word(e, 65535))
+          /* e is too small will fail */
+          && TEST_true(BN_set_word(e, 1))
           && TEST_false(ossl_rsa_check_public_exponent(e))
           /* e is even will fail */
           && TEST_true(BN_set_word(e, 65536))
           && TEST_false(ossl_rsa_check_public_exponent(e))
           /* e is ok */
+          && TEST_true(BN_set_word(e, 3))
+          && TEST_true(ossl_rsa_check_public_exponent(e))
+          && TEST_true(BN_set_word(e, 17))
+          && TEST_true(ossl_rsa_check_public_exponent(e))
           && TEST_true(BN_set_word(e, 65537))
           && TEST_true(ossl_rsa_check_public_exponent(e))
-          /* e = 2^256 is too big */
+          /* e = 2^256 + 1 is ok */
           && TEST_true(BN_lshift(e, BN_value_one(), 256))
-          && TEST_false(ossl_rsa_check_public_exponent(e))
-          /* e = 2^256-1 is odd and in range */
-          && TEST_true(BN_sub(e, e, BN_value_one()))
+          && TEST_true(BN_add(e, e, BN_value_one()))
           && TEST_true(ossl_rsa_check_public_exponent(e));
     BN_free(e);
     return ret;


More information about the openssl-commits mailing list