[openssl] master update
tomas at openssl.org
tomas at openssl.org
Tue Mar 30 17:22:45 UTC 2021
The branch master has been updated
via c6b09ea0fe23a572a781681b3c1f436e8b0932fe (commit)
from 6635ea531e9f7709e5880dd77fd4c3403a5c3db7 (commit)
- Log -----------------------------------------------------------------
commit c6b09ea0fe23a572a781681b3c1f436e8b0932fe
Author: Matt Caswell <matt at openssl.org>
Date: Fri Mar 26 16:49:27 2021 +0000
Fix change in behaviour of EVP_PKEY_CTRL_RSA_KEYGEN_BITS
In 1.1.1 the ctrl EVP_PKEY_CTRL_RSA_KEYGEN_BITS would fail immediately
if the number of bits was too small. In 3.0 it always succeeds, and only
fails later during the key generation stage.
We fix that so that it fails early like it used to in 1.1.1.
Note that in 1.1.1 it fails with a -2 return code. That is not the case
in 3.0 and has not been addressed here (see #14442)
Fixes #14443
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14702)
-----------------------------------------------------------------------
Summary of changes:
crypto/rsa/rsa_local.h | 1 -
include/crypto/rsa.h | 2 ++
providers/implementations/keymgmt/rsa_kmgmt.c | 12 +++++++++---
test/recipes/30-test_evp_data/evppkey_rsa.txt | 2 +-
4 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
index 6979adfcd1..ea70da05ad 100644
--- a/crypto/rsa/rsa_local.h
+++ b/crypto/rsa/rsa_local.h
@@ -14,7 +14,6 @@
#include "crypto/rsa.h"
#define RSA_MAX_PRIME_NUM 5
-#define RSA_MIN_MODULUS_BITS 512
typedef struct rsa_prime_info_st {
BIGNUM *r;
diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h
index 69fa8a4d8a..73bf03f615 100644
--- a/include/crypto/rsa.h
+++ b/include/crypto/rsa.h
@@ -16,6 +16,8 @@
# include <openssl/x509.h>
# include "crypto/types.h"
+#define RSA_MIN_MODULUS_BITS 512
+
typedef struct rsa_pss_params_30_st {
int hash_algorithm_nid;
struct {
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index eac3843884..1bcb6ed603 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -19,6 +19,7 @@
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
+#include <openssl/proverr.h>
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
@@ -473,9 +474,14 @@ static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
if (params == NULL)
return 1;
- if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_BITS)) != NULL
- && !OSSL_PARAM_get_size_t(p, &gctx->nbits))
- return 0;
+ if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_BITS)) != NULL) {
+ if (!OSSL_PARAM_get_size_t(p, &gctx->nbits))
+ return 0;
+ if (gctx->nbits < RSA_MIN_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
+ return 0;
+ }
+ }
if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PRIMES)) != NULL
&& !OSSL_PARAM_get_size_t(p, &gctx->primes))
return 0;
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa.txt b/test/recipes/30-test_evp_data/evppkey_rsa.txt
index 4354bd649a..79e6715f4c 100644
--- a/test/recipes/30-test_evp_data/evppkey_rsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt
@@ -614,5 +614,5 @@ Title = Test RSA keygen
KeyGen = rsaEncryption
Ctrl = rsa_keygen_bits:128
KeyName = tmprsa
-Result = KEYGEN_GENERATE_ERROR
+Result = PKEY_CTRL_ERROR
Reason = key size too small
More information about the openssl-commits
mailing list