[openssl] master update

Dr. Paul Dale pauli at openssl.org
Thu May 27 03:03:28 UTC 2021


The branch master has been updated
       via  422da9bbfb739a5d42292c990c0b81552060d5a2 (commit)
       via  5c99d57ea3903211f313e7760f045ac48273e79d (commit)
       via  dfad3a00be4101479744cac1fe4314c567f1e35e (commit)
       via  3134fb284fe632424ee3bd380c4bf95342aa00fd (commit)
       via  476798f22f76040dc5218aa8e91ffb0177fea9e7 (commit)
       via  0c05fda40e3d55a322970f2bbbfea89e645e6902 (commit)
      from  9d0dd1d51335cd17d2594adfe4d30142f2ab8b19 (commit)


- Log -----------------------------------------------------------------
commit 422da9bbfb739a5d42292c990c0b81552060d5a2
Author: Pauli <pauli at openssl.org>
Date:   Wed May 26 10:24:40 2021 +1000

    test: test MP genrsa in deprecated builds
    
    These multi-prime tests were omitted when genrsa was deprecated but not
    returned when it was restored.
    
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15472)

commit 5c99d57ea3903211f313e7760f045ac48273e79d
Author: Pauli <pauli at openssl.org>
Date:   Wed May 26 10:11:29 2021 +1000

    test: add test for key generation strength > RNG strength
    
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15472)

commit dfad3a00be4101479744cac1fe4314c567f1e35e
Author: Pauli <pauli at openssl.org>
Date:   Wed May 26 10:10:51 2021 +1000

    test: test genrsa in deprecated builds
    
    These tests were omitted when genrsa was deprecated but not returned when
    it was restored.
    
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15472)

commit 3134fb284fe632424ee3bd380c4bf95342aa00fd
Author: Pauli <pauli at openssl.org>
Date:   Wed May 26 10:02:09 2021 +1000

    errors: update error message (to be squashed)
    
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15472)

commit 476798f22f76040dc5218aa8e91ffb0177fea9e7
Author: Pauli <pauli at openssl.org>
Date:   Wed May 26 10:00:37 2021 +1000

    rsa: check that the RNG is capable of producing a key of the specified size
    
    During key generation, any sized key can be asked for.  Attempting to generate
    a key with a security strength larger than the RNG strength now fails.
    
    Fixes #15421
    
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15472)

commit 0c05fda40e3d55a322970f2bbbfea89e645e6902
Author: Pauli <pauli at openssl.org>
Date:   Wed May 26 09:27:32 2021 +1000

    rsa: remove the limit on the maximum key strength
    
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15472)

-----------------------------------------------------------------------

Summary of changes:
 crypto/err/openssl.txt         |  2 ++
 crypto/rsa/rsa_err.c           |  4 ++-
 crypto/rsa/rsa_sp800_56b_gen.c | 26 ++++++++++++++++---
 include/crypto/rsaerr.h        |  2 +-
 include/openssl/rsaerr.h       |  1 +
 test/recipes/15-test_genrsa.t  | 58 ++++++++++++++++++------------------------
 test/recipes/15-test_mp_rsa.t  | 31 ++++++++++++++--------
 7 files changed, 76 insertions(+), 48 deletions(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 3e9bfc1acf..48d1175bce 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1190,6 +1190,8 @@ RSA_R_PSS_SALTLEN_TOO_SMALL:164:pss saltlen too small
 RSA_R_PUB_EXPONENT_OUT_OF_RANGE:178:pub exponent out of range
 RSA_R_P_NOT_PRIME:128:p not prime
 RSA_R_Q_NOT_PRIME:129:q not prime
+RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT:180:\
+	randomness source strength insufficient
 RSA_R_RSA_OPERATIONS_NOT_SUPPORTED:130:rsa operations not supported
 RSA_R_SLEN_CHECK_FAILED:136:salt length check failed
 RSA_R_SLEN_RECOVERY_FAILED:135:salt length recovery failed
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index 1e3c81ff5e..85bee965fc 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -118,6 +118,8 @@ static const ERR_STRING_DATA RSA_str_reasons[] = {
     "pub exponent out of range"},
     {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_P_NOT_PRIME), "p not prime"},
     {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_Q_NOT_PRIME), "q not prime"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT),
+    "randomness source strength insufficient"},
     {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),
     "rsa operations not supported"},
     {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_CHECK_FAILED),
diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c
index 077c32f1e9..d2052c5796 100644
--- a/crypto/rsa/rsa_sp800_56b_gen.c
+++ b/crypto/rsa/rsa_sp800_56b_gen.c
@@ -11,13 +11,14 @@
 #include <openssl/err.h>
 #include <openssl/bn.h>
 #include <openssl/core.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
 #include "crypto/bn.h"
 #include "crypto/security_bits.h"
 #include "rsa_local.h"
 
 #define RSA_FIPS1864_MIN_KEYGEN_KEYSIZE 2048
 #define RSA_FIPS1864_MIN_KEYGEN_STRENGTH 112
-#define RSA_FIPS1864_MAX_KEYGEN_STRENGTH 256
 
 /*
  * Generate probable primes 'p' & 'q'. See FIPS 186-4 Section B.3.6
@@ -174,8 +175,7 @@ int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength)
     int s = (int)ossl_ifc_ffc_compute_security_bits(nbits);
 
 #ifdef FIPS_MODULE
-    if (s < RSA_FIPS1864_MIN_KEYGEN_STRENGTH
-            || s > RSA_FIPS1864_MAX_KEYGEN_STRENGTH) {
+    if (s < RSA_FIPS1864_MIN_KEYGEN_STRENGTH) {
         ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MODULUS);
         return 0;
     }
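Review bot: With the `s > RSA_FIPS1864_MAX_KEYGEN_STRENGTH` test removed, ossl_rsa_sp800_56b_validate_strength() in a FIPS_MODULE build accepts any modulus at or above the minimum strength, and nothing in the function says where an upper limit is now enforced. Within this commit the effective cap comes from the RNG strength check added to ossl_rsa_sp800_56b_generate_key(), so any other caller of this function (none is visible here) gets no cap at all. A comment above the remaining test would record that, for example `/* No upper bound here: key generation separately requires RNG strength >= key strength */`. The function starts before and continues after this hunk.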
@@ -187,6 +187,22 @@ int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength)
     return 1;
 }
 
+/*
+ * Validate that the random bit generator is of sufficient strength to generate
+ * a key of the specified length.
+ */
+static int rsa_validate_rng_strength(EVP_RAND_CTX *rng, int nbits)
+{
+    if (rng == NULL)
+        return 0;
+    if (EVP_RAND_strength(rng) < ossl_ifc_ffc_compute_security_bits(nbits)) {
+        ERR_raise(ERR_LIB_RSA,
+                  RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT);
+        return 0;
+    }
+    return 1;
+}
+
 /*
  *
  * Using p & q, calculate other required parameters such as n, d.
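Review bot: The `rng == NULL` branch of rsa_validate_rng_strength() returns 0 without raising an error, unlike the insufficient-strength branch just below it. Key generation can therefore fail at this point with nothing on the error queue, unless the call that produced the NULL pointer already raised its own error, which this hunk does not show. Either raise an RSA error in that branch too, or document the assumption with a comment such as `/* RNG lookup failed; the lookup is expected to have raised the error */`. The header comment could also state the return convention: 1 when the RNG strength is at least the security strength computed for nbits, 0 otherwise.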
@@ -348,6 +364,10 @@ int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
     if (!ossl_rsa_sp800_56b_validate_strength(nbits, -1))
         return 0;
 
+    /* Check that the RNG is capable of generating a key this large */
+   if (!rsa_validate_rng_strength(RAND_get0_private(rsa->libctx), nbits))
+        return 0;
+
     ctx = BN_CTX_new_ex(rsa->libctx);
     if (ctx == NULL)
         return 0;
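Review bot: The added `if (!rsa_validate_rng_strength(...))` line is indented with three spaces while the statements around it use four; it should read `    if (!rsa_validate_rng_strength(RAND_get0_private(rsa->libctx), nbits))`. As far as the hunk shows, the check sits before `BN_CTX_new_ex()`, so the early `return 0` has nothing to release. The body of ossl_rsa_sp800_56b_generate_key() starts before and continues after this hunk.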
diff --git a/include/crypto/rsaerr.h b/include/crypto/rsaerr.h
index 43541b7faf..9b23500b37 100644
--- a/include/crypto/rsaerr.h
+++ b/include/crypto/rsaerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/include/openssl/rsaerr.h b/include/openssl/rsaerr.h
index bc31d2fe65..4335f1cb33 100644
--- a/include/openssl/rsaerr.h
+++ b/include/openssl/rsaerr.h
@@ -85,6 +85,7 @@
 # define RSA_R_PUB_EXPONENT_OUT_OF_RANGE                  178
 # define RSA_R_P_NOT_PRIME                                128
 # define RSA_R_Q_NOT_PRIME                                129
+# define RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT    180
 # define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED               130
 # define RSA_R_SLEN_CHECK_FAILED                          136
 # define RSA_R_SLEN_RECOVERY_FAILED                       135
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index 501d3a100f..6c67f04af9 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -25,18 +25,21 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 
 plan tests =>
     ($no_fips ? 0 : 2)          # Extra FIPS related test
-    + 13;
+    + 14;
 
 # We want to know that an absurdly small number of bits isn't support
-if (disabled("deprecated-3.0")) {
-    is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
-                 '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_bits:8',
-                 '-pkeyopt', 'rsa_keygen_pubexp:3'])),
-               0, "genrsa -3 8");
-} else {
-    is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])),
-               0, "genrsa -3 8");
-}
+is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
+             '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_bits:8',
+             '-pkeyopt', 'rsa_keygen_pubexp:3'])),
+           0, "genpkey 8");
+is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])),
+           0, "genrsa -3 8");
+
+# We want to know that an absurdly large number of bits fails the RNG check
+is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
+             '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_bits:1000000000',
+             '-pkeyopt', 'rsa_keygen_pubexp:3'])),
+           0, "genpkey 1000000000");
 
 # Depending on the shared library, we might have different lower limits.
 # Let's find it!  This is a simple binary search
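Review bot: The new `genpkey 1000000000` test asserts only that the command exits with failure, so it passes for any failure and does not show that the RNG strength check rejected the request. A size-limit rejection elsewhere or an allocation failure would satisfy it equally, and a regression that removed the check could go unnoticed if another limit still rejects the size. The test would match its comment better if it also checked the error output for the reason string this commit adds, `randomness source strength insufficient`. If that is impractical in this recipe, the comment should say the test only covers "absurdly large sizes are rejected".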
@@ -50,16 +53,10 @@ my $fin;
 while ($good > $bad + 1) {
     my $checked = int(($good + $bad + 1) / 2);
     my $bits = 2 ** $checked;
-    if (disabled("deprecated-3.0")) {
-        $fin = run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
-                         '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_pubexp:65537',
-                         '-pkeyopt', "rsa_keygen_bits:$bits",
-                       ], stderr => undef));
-    } else {
-        $fin = run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem',
-                         $bits
-                       ], stderr => undef));
-    }
+    $fin = run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
+                     '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_pubexp:65537',
+                     '-pkeyopt', "rsa_keygen_bits:$bits",
+                   ], stderr => undef));
     if ($fin) {
         note 2 ** $checked, " bits is good";
         $good = $checked;
@@ -76,14 +73,9 @@ ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
              '-pkeyopt', 'rsa_keygen_pubexp:65537',
              '-pkeyopt', "rsa_keygen_bits:$good",
              '-out', 'genrsatest.pem' ])),
-   "genpkey -3 $good");
+   "genpkey $good");
 ok(run(app([ 'openssl', 'pkey', '-check', '-in', 'genrsatest.pem', '-noout' ])),
    "pkey -check");
-ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
-             '-pkeyopt', 'rsa_keygen_pubexp:65537',
-             '-pkeyopt', "rsa_keygen_bits:$good",
-             '-out', 'genrsatest.pem' ])),
-   "genpkey -f4 $good");
 
 ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
              '-pkeyopt', 'rsa_keygen_bits:2048',
@@ -104,19 +96,19 @@ ok(!run(app([ 'openssl', 'genpkey', '-propquery', 'unknown',
              '-algorithm', 'RSA' ])),
    "genpkey requesting unknown=yes property should fail");
 
-
  SKIP: {
-    skip "Skipping rsa command line test", 4 if disabled("deprecated-3.0");
+    skip "Skipping rsa command line test", 2 if disabled("deprecated-3.0");
 
     ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])),
        "genrsa -3 $good");
     ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
        "rsa -check");
-    ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])),
-       "genrsa -f4 $good");
-    ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
-       "rsa -check");
-}
+ }
+
+ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])),
+   "genrsa -f4 $good");
+ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
+   "rsa -check");
 
 unless ($no_fips) {
     my $provconf = srctop_file("test", "fips-and-base.cnf");
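Review bot: After this change `genrsa -3 $good` and the first `rsa -check` are still skipped when deprecated-3.0 is disabled, while `genrsa -f4 $good` and an identical `rsa -check` directly below the block run unconditionally, as does `genrsa -3 8` earlier in the file. If the genrsa and rsa apps are available in no-deprecated builds, as the commit message says for genrsa, the SKIP block looks redundant. If they are not, the two tests moved out of it would fail in those builds. Either remove the SKIP or add a comment on it stating why only that pair remains conditional.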
diff --git a/test/recipes/15-test_mp_rsa.t b/test/recipes/15-test_mp_rsa.t
index ad7018789b..339a2a811d 100644
--- a/test/recipes/15-test_mp_rsa.t
+++ b/test/recipes/15-test_mp_rsa.t
@@ -35,14 +35,14 @@ my @test_param = (
     },
 );
 
-plan tests => 1 + scalar(@test_param) * 5 * (disabled('deprecated-3.0') ? 1 : 2);
+plan tests => 1 + scalar(@test_param) * 5 * 2;
 
 ok(run(test(["rsa_mp_test"])), "running rsa multi prime test");
 
 my $cleartext = data_file("plain_text");
 
 # genrsa
-run_mp_tests(0) if !disabled('deprecated-3.0');
+run_mp_tests(0);
 # evp
 run_mp_tests(1);
 
@@ -77,14 +77,25 @@ sub run_mp_tests {
             ok(run(app([ 'openssl', 'rsa', '-check',
                          '-in', "rsamptest-$name.pem", '-noout'])),
                "rsa -check $name");
-            ok(run(app([ 'openssl', 'rsautl', '-inkey', "rsamptest-$name.pem",
-                         '-encrypt', '-in', $cleartext,
-                         '-out', "rsamptest-$name.enc" ])),
-               "rsa $name encrypt");
-            ok(run(app([ 'openssl', 'rsautl', '-inkey', "rsamptest-$name.pem",
-                         '-decrypt', '-in', "rsamptest-$name.enc",
-                         '-out', "rsamptest-$name.dec" ])),
-               "rsa $name decrypt");
+            if (!disabled('deprecated-3.0')) {
+                ok(run(app([ 'openssl', 'rsautl', '-inkey', "rsamptest-$name.pem",
+                             '-encrypt', '-in', $cleartext,
+                             '-out', "rsamptest-$name.enc" ])),
+                   "rsa $name encrypt");
+                ok(run(app([ 'openssl', 'rsautl', '-inkey', "rsamptest-$name.pem",
+                             '-decrypt', '-in', "rsamptest-$name.enc",
+                             '-out', "rsamptest-$name.dec" ])),
+                   "rsa $name decrypt");
+            } else {
+                ok(run(app([ 'openssl', 'pkeyutl', '-inkey', "rsamptest-$name.pem",
+                             '-encrypt', '-in', $cleartext,
+                             '-out', "rsamptest-$name.enc" ])),
+                   "rsa $name encrypt");
+                ok(run(app([ 'openssl', 'pkeyutl', '-inkey', "rsamptest-$name.pem",
+                             '-decrypt', '-in', "rsamptest-$name.enc",
+                             '-out', "rsamptest-$name.dec" ])),
+                   "rsa $name decrypt");
+            }
         }
         ok(check_msg("rsamptest-$name.dec"), "rsa $name check result");
     }
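Review bot: The two branches added here are identical apart from the app name (`rsautl` versus `pkeyutl`), so the four `ok()` calls can be reduced to two. Select the name once with `my $util = disabled('deprecated-3.0') ? 'pkeyutl' : 'rsautl';` and pass `$util` in place of the literal. That keeps the encrypt and decrypt arguments from drifting apart between build configurations. The test names read `rsa $name encrypt` and `rsa $name decrypt` in both branches, so a log does not show which tool ran; including `$util` in the name would fix that. The enclosing sub run_mp_tests starts outside the hunk.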

