From: Pauli Date: Wed, 26 May 2021 00:00:37 +0000 (+1000) Subject: rsa: check that the RNG is capable of producing a key of the specified size X-Git-Tag: openssl-3.0.0-beta1~358 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=476798f22f76040dc5218aa8e91ffb0177fea9e7;p=thirdparty%2Fopenssl.git rsa: check that the RNG is capable of producing a key of the specified size During key generation, any sized key can be asked for. Attempting to generate a key with a security strength larger than the RNG strength now fails. Fixes #15421 Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15472) --- diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c index 2cd0dba7640..d2052c5796b 100644 --- a/crypto/rsa/rsa_sp800_56b_gen.c +++ b/crypto/rsa/rsa_sp800_56b_gen.c @@ -11,6 +11,8 @@ #include #include #include +#include +#include #include "crypto/bn.h" #include "crypto/security_bits.h" #include "rsa_local.h" @@ -185,6 +187,22 @@ int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength) return 1; } +/* + * Validate that the random bit generator is of sufficient strength to generate + * a key of the specified length. + */ +static int rsa_validate_rng_strength(EVP_RAND_CTX *rng, int nbits) +{ + if (rng == NULL) + return 0; + if (EVP_RAND_strength(rng) < ossl_ifc_ffc_compute_security_bits(nbits)) { + ERR_raise(ERR_LIB_RSA, + RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT); + return 0; + } + return 1; +} + /* * * Using p & q, calculate other required parameters such as n, d. @@ -346,6 +364,10 @@ int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed, if (!ossl_rsa_sp800_56b_validate_strength(nbits, -1)) return 0; + /* Check that the RNG is capable of generating a key this large */ + if (!rsa_validate_rng_strength(RAND_get0_private(rsa->libctx), nbits)) + return 0; + ctx = BN_CTX_new_ex(rsa->libctx); if (ctx == NULL) return 0;