TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 76336c3e4d0396508f6f5e23f54bc13d854fd863^! / . / library
commit76336c3e4d0396508f6f5e23f54bc13d854fd863[log] [tgz]
authorWaleed Elmelegy <waleed.elmelegy@arm.com>Fri Jun 30 16:48:19 2023 +0100
committerWaleed Elmelegy <waleed.elmelegy@arm.com>Thu Jul 27 10:58:25 2023 +0000
treeb5b7b1fad18d6bf184628d5ec9685d05c523d92a
parent51ed3139d1f833c0698c834e1869747f97bcd432 [diff]
Enforce minimum key size when generating RSA key size

Add configuration to enforce minimum size when
generating a RSA key, it's default value is 1024
bits since this the minimum secure value currently
but it can be any value greater than or equal 128
bits. Tests were modifed to accommodate for this
change.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>

diff --git a/library/rsa.c b/library/rsa.c
index 6a74bef..9fd14db 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -550,6 +550,11 @@
         goto cleanup;
     }
 
+    if (nbits < MBEDTLS_RSA_MIN_KEY_SIZE) {
+        ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
     /*
      * find primes P and Q with Q < P so that:
      * 1.  |P-Q| > 2^( nbits / 2 - 100 )