diff options
| -rw-r--r-- | crypto/rsa/rsa_local.h | 1 | ||||
| -rw-r--r-- | include/crypto/rsa.h | 2 | ||||
| -rw-r--r-- | providers/implementations/keymgmt/rsa_kmgmt.c | 12 | ||||
| -rw-r--r-- | test/recipes/30-test_evp_data/evppkey_rsa.txt | 2 |
4 files changed, 12 insertions, 5 deletions
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index 6979adfcd1..ea70da05ad 100644 --- a/crypto/rsa/rsa_local.h +++ b/crypto/rsa/rsa_local.h @@ -14,7 +14,6 @@ #include "crypto/rsa.h" #define RSA_MAX_PRIME_NUM 5 -#define RSA_MIN_MODULUS_BITS 512 typedef struct rsa_prime_info_st { BIGNUM *r; diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index 69fa8a4d8a..73bf03f615 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h @@ -16,6 +16,8 @@ # include <openssl/x509.h> # include "crypto/types.h" +#define RSA_MIN_MODULUS_BITS 512 + typedef struct rsa_pss_params_30_st { int hash_algorithm_nid; struct { diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index eac3843884..1bcb6ed603 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -19,6 +19,7 @@ #include <openssl/err.h> #include <openssl/rsa.h> #include <openssl/evp.h> +#include <openssl/proverr.h> #include "prov/implementations.h" #include "prov/providercommon.h" #include "prov/provider_ctx.h" @@ -473,9 +474,14 @@ static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) if (params == NULL) return 1; - if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_BITS)) != NULL - && !OSSL_PARAM_get_size_t(p, &gctx->nbits)) - return 0; + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_BITS)) != NULL) { + if (!OSSL_PARAM_get_size_t(p, &gctx->nbits)) + return 0; + if (gctx->nbits < RSA_MIN_MODULUS_BITS) { + ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); + return 0; + } + } if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PRIMES)) != NULL && !OSSL_PARAM_get_size_t(p, &gctx->primes)) return 0; diff --git a/test/recipes/30-test_evp_data/evppkey_rsa.txt b/test/recipes/30-test_evp_data/evppkey_rsa.txt index 4354bd649a..79e6715f4c 100644 --- a/test/recipes/30-test_evp_data/evppkey_rsa.txt +++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt @@ -614,5 +614,5 @@ Title = Test RSA keygen KeyGen = rsaEncryption Ctrl = rsa_keygen_bits:128 KeyName = tmprsa -Result = KEYGEN_GENERATE_ERROR +Result = PKEY_CTRL_ERROR Reason = key size too small |