You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32 lines
1.1 KiB
32 lines
1.1 KiB
diff -up openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap openssl-3.0.1/providers/implementations/kem/rsa_kem.c |
|
--- openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap 2022-11-22 12:27:30.994530801 +0100 |
|
+++ openssl-3.0.1/providers/implementations/kem/rsa_kem.c 2022-11-22 12:32:15.916875495 +0100 |
|
@@ -264,6 +264,14 @@ static int rsasve_generate(PROV_RSA_CTX |
|
*secretlen = nlen; |
|
return 1; |
|
} |
|
+ |
|
+#ifdef FIPS_MODULE |
|
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) { |
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); |
|
+ return 0; |
|
+ } |
|
+#endif |
|
+ |
|
/* |
|
* Step (2): Generate a random byte string z of nlen bytes where |
|
* 1 < z < n - 1 |
|
@@ -307,6 +315,13 @@ static int rsasve_recover(PROV_RSA_CTX * |
|
return 1; |
|
} |
|
|
|
+#ifdef FIPS_MODULE |
|
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) { |
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); |
|
+ return 0; |
|
+ } |
|
+#endif |
|
+ |
|
/* Step (2): check the input ciphertext 'inlen' matches the nlen */ |
|
if (inlen != nlen) { |
|
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH);
|
|
|