author | rkarmaka98 <rkarmaka98@gmail.com> | 2023-04-26 07:53:35 +0000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-04-28 19:50:23 +0200 |
commit | 925058987e4b48ed5c71bbf46742713b50feeb2d (patch) | |
tree | 1ae31ec46275109cc7e73b3cdde0fa0d4f904581 | |
parent | 66ad9ca65778ecc9b31fd498d2cc9b4e4b5d5eca (diff) | |
download | openssl-new-925058987e4b48ed5c71bbf46742713b50feeb2d.tar.gz |
Avoid generating RSA keys with p < q
We swap p and q in that case except when ACVP tests are being run.
Fixes #20823
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20833)
(cherry picked from commit dc231eb598460aec239c7f597f560bca47d9f72a)
-rw-r--r-- | crypto/rsa/rsa_sp800_56b_gen.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c
index df2240555b..22d71437b3 100644
--- a/crypto/rsa/rsa_sp800_56b_gen.c
+++ b/crypto/rsa/rsa_sp800_56b_gen.c
@@ -361,6 +361,7 @@ int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
 BN_CTX *ctx = NULL;
 BIGNUM *e = NULL;
 RSA_ACVP_TEST *info = NULL;
+ BIGNUM *tmp;
 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
 info = rsa->acvp_test;
@@ -392,6 +393,14 @@ int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
 /* (Step 2) Generate prime factors */
 if (!ossl_rsa_fips186_4_gen_prob_primes(rsa, info, nbits, e, ctx, cb))
 goto err;
+
+ /* p>q check and skipping in case of acvp test */
+ if (info == NULL && BN_cmp(rsa->p, rsa->q) < 0) {
+ tmp = rsa->p;
+ rsa->p = rsa->q;
+ rsa->q = tmp;
+ }
+
 /* (Steps 3-5) Compute params d, n, dP, dQ, qInv */
 ok = ossl_rsa_sp800_56b_derive_params_from_pq(rsa, nbits, e, ctx);
 if (ok < 0) |
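Review bot: The comment on the new swap block in the second hunk (`/* p>q check and skipping in case of acvp test */`) says what is done but not why, and it leaves the ACVP exemption unexplained. Because the swap sits before `ossl_rsa_sp800_56b_derive_params_from_pq()`, dP, dQ and qInv are derived from the reordered primes, and the comment should record that dependency, e.g. `/* Ensure p > q before the CRT params are derived; skipped for ACVP, presumably because the test expects p and q as generated */`. With `info != NULL` a key with p < q can still leave this function, so code that consumes the key should not treat p > q as an invariant. `tmp` is used only inside this block and could be declared there (`BIGNUM *tmp = rsa->p;`) rather than uninitialised at function scope in the first hunk. The commit touches one file, so no test visible here pins p > q for generated keys; the function body begins and ends outside both hunks.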