diff options
author | rkarmaka98 <rkarmaka98@gmail.com> | 2023-04-26 07:53:35 +0000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-04-28 19:50:35 +0200 |
commit | 87abde51db6250d89a59d503965a045f9996c687 (patch) | |
tree | 2c9e68120141e766651d92beb60c2a213e5ba7f3 | |
parent | b64b846dc86ad3d6f1c562056c2f4bef3beb9be8 (diff) | |
download | openssl-new-87abde51db6250d89a59d503965a045f9996c687.tar.gz |
Avoid generating RSA keys with p < q
We swap p and q in that case except when ACVP tests are being run.
Fixes #20823
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20833)
(cherry picked from commit dc231eb598460aec239c7f597f560bca47d9f72a)
-rw-r--r-- | crypto/rsa/rsa_sp800_56b_gen.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c index df2240555b..22d71437b3 100644 --- a/crypto/rsa/rsa_sp800_56b_gen.c +++ b/crypto/rsa/rsa_sp800_56b_gen.c @@ -361,6 +361,7 @@ int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed, BN_CTX *ctx = NULL; BIGNUM *e = NULL; RSA_ACVP_TEST *info = NULL; + BIGNUM *tmp; #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) info = rsa->acvp_test; @@ -392,6 +393,14 @@ int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed, /* (Step 2) Generate prime factors */ if (!ossl_rsa_fips186_4_gen_prob_primes(rsa, info, nbits, e, ctx, cb)) goto err; + + /* p>q check and skipping in case of acvp test */ + if (info == NULL && BN_cmp(rsa->p, rsa->q) < 0) { + tmp = rsa->p; + rsa->p = rsa->q; + rsa->q = tmp; + } + /* (Steps 3-5) Compute params d, n, dP, dQ, qInv */ ok = ossl_rsa_sp800_56b_derive_params_from_pq(rsa, nbits, e, ctx); if (ok < 0) |