[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Thu May 27 03:03:28 UTC 2021
The branch master has been updated
via 422da9bbfb739a5d42292c990c0b81552060d5a2 (commit)
via 5c99d57ea3903211f313e7760f045ac48273e79d (commit)
via dfad3a00be4101479744cac1fe4314c567f1e35e (commit)
via 3134fb284fe632424ee3bd380c4bf95342aa00fd (commit)
via 476798f22f76040dc5218aa8e91ffb0177fea9e7 (commit)
via 0c05fda40e3d55a322970f2bbbfea89e645e6902 (commit)
from 9d0dd1d51335cd17d2594adfe4d30142f2ab8b19 (commit)
- Log -----------------------------------------------------------------
commit 422da9bbfb739a5d42292c990c0b81552060d5a2
Author: Pauli <pauli at openssl.org>
Date: Wed May 26 10:24:40 2021 +1000
test: test MP genrsa in deprecated builds
These multi-prime tests were omitted when genrsa was deprecated but not
returned when it was restored.
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15472)
commit 5c99d57ea3903211f313e7760f045ac48273e79d
Author: Pauli <pauli at openssl.org>
Date: Wed May 26 10:11:29 2021 +1000
test: add test for key generation strength > RNG strength
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15472)
commit dfad3a00be4101479744cac1fe4314c567f1e35e
Author: Pauli <pauli at openssl.org>
Date: Wed May 26 10:10:51 2021 +1000
test: test genrsa in deprecated builds
These tests were omitted when genrsa was deprecated but not returned when
it was restored.
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15472)
commit 3134fb284fe632424ee3bd380c4bf95342aa00fd
Author: Pauli <pauli at openssl.org>
Date: Wed May 26 10:02:09 2021 +1000
errors: update error message (to be squashed)
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15472)
commit 476798f22f76040dc5218aa8e91ffb0177fea9e7
Author: Pauli <pauli at openssl.org>
Date: Wed May 26 10:00:37 2021 +1000
rsa: check that the RNG is capable of producing a key of the specified size
During key generation, any sized key can be asked for. Attempting to generate
a key with a security strength larger than the RNG strength now fails.
Fixes #15421
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15472)
commit 0c05fda40e3d55a322970f2bbbfea89e645e6902
Author: Pauli <pauli at openssl.org>
Date: Wed May 26 09:27:32 2021 +1000
rsa: remove the limit on the maximum key strength
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15472)
-----------------------------------------------------------------------
Summary of changes:
crypto/err/openssl.txt | 2 ++
crypto/rsa/rsa_err.c | 4 ++-
crypto/rsa/rsa_sp800_56b_gen.c | 26 ++++++++++++++++---
include/crypto/rsaerr.h | 2 +-
include/openssl/rsaerr.h | 1 +
test/recipes/15-test_genrsa.t | 58 ++++++++++++++++++------------------------
test/recipes/15-test_mp_rsa.t | 31 ++++++++++++++--------
7 files changed, 76 insertions(+), 48 deletions(-)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 3e9bfc1acf..48d1175bce 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1190,6 +1190,8 @@ RSA_R_PSS_SALTLEN_TOO_SMALL:164:pss saltlen too small
RSA_R_PUB_EXPONENT_OUT_OF_RANGE:178:pub exponent out of range
RSA_R_P_NOT_PRIME:128:p not prime
RSA_R_Q_NOT_PRIME:129:q not prime
+RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT:180:\
+ randomness source strength insufficient
RSA_R_RSA_OPERATIONS_NOT_SUPPORTED:130:rsa operations not supported
RSA_R_SLEN_CHECK_FAILED:136:salt length check failed
RSA_R_SLEN_RECOVERY_FAILED:135:salt length recovery failed
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index 1e3c81ff5e..85bee965fc 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -118,6 +118,8 @@ static const ERR_STRING_DATA RSA_str_reasons[] = {
"pub exponent out of range"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_P_NOT_PRIME), "p not prime"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_Q_NOT_PRIME), "q not prime"},
+ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT),
+ "randomness source strength insufficient"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),
"rsa operations not supported"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_CHECK_FAILED),
diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c
index 077c32f1e9..d2052c5796 100644
--- a/crypto/rsa/rsa_sp800_56b_gen.c
+++ b/crypto/rsa/rsa_sp800_56b_gen.c
@@ -11,13 +11,14 @@
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/core.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
#include "crypto/bn.h"
#include "crypto/security_bits.h"
#include "rsa_local.h"
#define RSA_FIPS1864_MIN_KEYGEN_KEYSIZE 2048
#define RSA_FIPS1864_MIN_KEYGEN_STRENGTH 112
-#define RSA_FIPS1864_MAX_KEYGEN_STRENGTH 256
/*
* Generate probable primes 'p' & 'q'. See FIPS 186-4 Section B.3.6
@@ -174,8 +175,7 @@ int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength)
int s = (int)ossl_ifc_ffc_compute_security_bits(nbits);
#ifdef FIPS_MODULE
- if (s < RSA_FIPS1864_MIN_KEYGEN_STRENGTH
- || s > RSA_FIPS1864_MAX_KEYGEN_STRENGTH) {
+ if (s < RSA_FIPS1864_MIN_KEYGEN_STRENGTH) {
ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MODULUS);
return 0;
}
@@ -187,6 +187,22 @@ int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength)
return 1;
}
+/*
+ * Validate that the random bit generator is of sufficient strength to generate
+ * a key of the specified length.
+ */
+static int rsa_validate_rng_strength(EVP_RAND_CTX *rng, int nbits)
+{
+ if (rng == NULL)
+ return 0;
+ if (EVP_RAND_strength(rng) < ossl_ifc_ffc_compute_security_bits(nbits)) {
+ ERR_raise(ERR_LIB_RSA,
+ RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT);
+ return 0;
+ }
+ return 1;
+}
+
/*
*
* Using p & q, calculate other required parameters such as n, d.
@@ -348,6 +364,10 @@ int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
if (!ossl_rsa_sp800_56b_validate_strength(nbits, -1))
return 0;
+ /* Check that the RNG is capable of generating a key this large */
+ if (!rsa_validate_rng_strength(RAND_get0_private(rsa->libctx), nbits))
+ return 0;
+
ctx = BN_CTX_new_ex(rsa->libctx);
if (ctx == NULL)
return 0;
diff --git a/include/crypto/rsaerr.h b/include/crypto/rsaerr.h
index 43541b7faf..9b23500b37 100644
--- a/include/crypto/rsaerr.h
+++ b/include/crypto/rsaerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/include/openssl/rsaerr.h b/include/openssl/rsaerr.h
index bc31d2fe65..4335f1cb33 100644
--- a/include/openssl/rsaerr.h
+++ b/include/openssl/rsaerr.h
@@ -85,6 +85,7 @@
# define RSA_R_PUB_EXPONENT_OUT_OF_RANGE 178
# define RSA_R_P_NOT_PRIME 128
# define RSA_R_Q_NOT_PRIME 129
+# define RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT 180
# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
# define RSA_R_SLEN_CHECK_FAILED 136
# define RSA_R_SLEN_RECOVERY_FAILED 135
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index 501d3a100f..6c67f04af9 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -25,18 +25,21 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan tests =>
($no_fips ? 0 : 2) # Extra FIPS related test
- + 13;
+ + 14;
# We want to know that an absurdly small number of bits isn't support
-if (disabled("deprecated-3.0")) {
- is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
- '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_bits:8',
- '-pkeyopt', 'rsa_keygen_pubexp:3'])),
- 0, "genrsa -3 8");
-} else {
- is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])),
- 0, "genrsa -3 8");
-}
+is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
+ '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_bits:8',
+ '-pkeyopt', 'rsa_keygen_pubexp:3'])),
+ 0, "genpkey 8");
+is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])),
+ 0, "genrsa -3 8");
+
+# We want to know that an absurdly large number of bits fails the RNG check
+is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
+ '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_bits:1000000000',
+ '-pkeyopt', 'rsa_keygen_pubexp:3'])),
+ 0, "genpkey 1000000000");
# Depending on the shared library, we might have different lower limits.
# Let's find it! This is a simple binary search
@@ -50,16 +53,10 @@ my $fin;
while ($good > $bad + 1) {
my $checked = int(($good + $bad + 1) / 2);
my $bits = 2 ** $checked;
- if (disabled("deprecated-3.0")) {
- $fin = run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
- '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_pubexp:65537',
- '-pkeyopt', "rsa_keygen_bits:$bits",
- ], stderr => undef));
- } else {
- $fin = run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem',
- $bits
- ], stderr => undef));
- }
+ $fin = run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
+ '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_pubexp:65537',
+ '-pkeyopt', "rsa_keygen_bits:$bits",
+ ], stderr => undef));
if ($fin) {
note 2 ** $checked, " bits is good";
$good = $checked;
@@ -76,14 +73,9 @@ ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
'-pkeyopt', 'rsa_keygen_pubexp:65537',
'-pkeyopt', "rsa_keygen_bits:$good",
'-out', 'genrsatest.pem' ])),
- "genpkey -3 $good");
+ "genpkey $good");
ok(run(app([ 'openssl', 'pkey', '-check', '-in', 'genrsatest.pem', '-noout' ])),
"pkey -check");
-ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
- '-pkeyopt', 'rsa_keygen_pubexp:65537',
- '-pkeyopt', "rsa_keygen_bits:$good",
- '-out', 'genrsatest.pem' ])),
- "genpkey -f4 $good");
ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
'-pkeyopt', 'rsa_keygen_bits:2048',
@@ -104,19 +96,19 @@ ok(!run(app([ 'openssl', 'genpkey', '-propquery', 'unknown',
'-algorithm', 'RSA' ])),
"genpkey requesting unknown=yes property should fail");
-
SKIP: {
- skip "Skipping rsa command line test", 4 if disabled("deprecated-3.0");
+ skip "Skipping rsa command line test", 2 if disabled("deprecated-3.0");
ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])),
"genrsa -3 $good");
ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
"rsa -check");
- ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])),
- "genrsa -f4 $good");
- ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
- "rsa -check");
-}
+ }
+
+ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])),
+ "genrsa -f4 $good");
+ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
+ "rsa -check");
unless ($no_fips) {
my $provconf = srctop_file("test", "fips-and-base.cnf");
diff --git a/test/recipes/15-test_mp_rsa.t b/test/recipes/15-test_mp_rsa.t
index ad7018789b..339a2a811d 100644
--- a/test/recipes/15-test_mp_rsa.t
+++ b/test/recipes/15-test_mp_rsa.t
@@ -35,14 +35,14 @@ my @test_param = (
},
);
-plan tests => 1 + scalar(@test_param) * 5 * (disabled('deprecated-3.0') ? 1 : 2);
+plan tests => 1 + scalar(@test_param) * 5 * 2;
ok(run(test(["rsa_mp_test"])), "running rsa multi prime test");
my $cleartext = data_file("plain_text");
# genrsa
-run_mp_tests(0) if !disabled('deprecated-3.0');
+run_mp_tests(0);
# evp
run_mp_tests(1);
@@ -77,14 +77,25 @@ sub run_mp_tests {
ok(run(app([ 'openssl', 'rsa', '-check',
'-in', "rsamptest-$name.pem", '-noout'])),
"rsa -check $name");
- ok(run(app([ 'openssl', 'rsautl', '-inkey', "rsamptest-$name.pem",
- '-encrypt', '-in', $cleartext,
- '-out', "rsamptest-$name.enc" ])),
- "rsa $name encrypt");
- ok(run(app([ 'openssl', 'rsautl', '-inkey', "rsamptest-$name.pem",
- '-decrypt', '-in', "rsamptest-$name.enc",
- '-out', "rsamptest-$name.dec" ])),
- "rsa $name decrypt");
+ if (!disabled('deprecated-3.0')) {
+ ok(run(app([ 'openssl', 'rsautl', '-inkey', "rsamptest-$name.pem",
+ '-encrypt', '-in', $cleartext,
+ '-out', "rsamptest-$name.enc" ])),
+ "rsa $name encrypt");
+ ok(run(app([ 'openssl', 'rsautl', '-inkey', "rsamptest-$name.pem",
+ '-decrypt', '-in', "rsamptest-$name.enc",
+ '-out', "rsamptest-$name.dec" ])),
+ "rsa $name decrypt");
+ } else {
+ ok(run(app([ 'openssl', 'pkeyutl', '-inkey', "rsamptest-$name.pem",
+ '-encrypt', '-in', $cleartext,
+ '-out', "rsamptest-$name.enc" ])),
+ "rsa $name encrypt");
+ ok(run(app([ 'openssl', 'pkeyutl', '-inkey', "rsamptest-$name.pem",
+ '-decrypt', '-in', "rsamptest-$name.enc",
+ '-out', "rsamptest-$name.dec" ])),
+ "rsa $name decrypt");
+ }
}
ok(check_msg("rsamptest-$name.dec"), "rsa $name check result");
}
More information about the openssl-commits
mailing list