Fix change in behaviour of EVP_PKEY_CTRL_RSA_KEYGEN_BITS

In 1.1.1 the ctrl EVP_PKEY_CTRL_RSA_KEYGEN_BITS would fail immediately if the number of bits was too small. In 3.0 it always succeeds, and only fails later during the key generation stage. We fix that so that it fails early like it used to in 1.1.1. Note that in 1.1.1 it fails with a -2 return code. That is not the case in 3.0 and has not been addressed here (see #14442) Fixes #14443 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14702)
2024-11-30 21:44:16 +08:00 · 2021-03-26 16:49:27 +00:00 · 2021-03-26 16:49:27 +00:00 · c6b09ea0fe
commit c6b09ea0fe
parent 6635ea531e
4 changed files with 12 additions and 5 deletions
--- a/crypto/rsa/rsa_local.h
+++ b/crypto/rsa/rsa_local.h
@ -14,7 +14,6 @@
 #include "crypto/rsa.h"

 #define RSA_MAX_PRIME_NUM       5
-#define RSA_MIN_MODULUS_BITS    512

 typedef struct rsa_prime_info_st {
    BIGNUM *r;
--- a/include/crypto/rsa.h
+++ b/include/crypto/rsa.h
@ -16,6 +16,8 @@
 # include <openssl/x509.h>
 # include "crypto/types.h"

+#define RSA_MIN_MODULUS_BITS    512
+
 typedef struct rsa_pss_params_30_st {
    int hash_algorithm_nid;
    struct {
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@ -19,6 +19,7 @@
 #include <openssl/err.h>
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
+#include <openssl/proverr.h>
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
 #include "prov/provider_ctx.h"
@ -473,9 +474,14 @@ static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
    if (params == NULL)
        return 1;

-    if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_BITS)) != NULL
-        && !OSSL_PARAM_get_size_t(p, &gctx->nbits))
-        return 0;
+    if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_BITS)) != NULL) {
+        if (!OSSL_PARAM_get_size_t(p, &gctx->nbits))
+            return 0;
+        if (gctx->nbits < RSA_MIN_MODULUS_BITS) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
+            return 0;
+        }
+    }
    if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PRIMES)) != NULL
        && !OSSL_PARAM_get_size_t(p, &gctx->primes))
        return 0;
--- a/test/recipes/30-test_evp_data/evppkey_rsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt
@ -614,5 +614,5 @@ Title = Test RSA keygen
 KeyGen = rsaEncryption
 Ctrl = rsa_keygen_bits:128
 KeyName = tmprsa
-Result = KEYGEN_GENERATE_ERROR
+Result = PKEY_CTRL_ERROR
 Reason = key size too small