mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 03:54:14 +08:00
rsa: Add SP800-56Br2 6.4.1.2.1 (3.c) check
The code did not yet check that the length of the RSA key is positive and even. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22403)
This commit is contained in:
parent
df5f419b14
commit
8b268541d9
@ -403,6 +403,11 @@ int ossl_rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed,
|
||||
ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR);
|
||||
return 0;
|
||||
}
|
||||
/* (Step 3.c): check that the modulus length is a positive even integer */
|
||||
if (nbits <= 0 || (nbits & 0x1)) {
|
||||
ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR);
|
||||
return 0;
|
||||
}
|
||||
|
||||
ctx = BN_CTX_new_ex(rsa->libctx);
|
||||
if (ctx == NULL)
|
||||
|
@ -458,6 +458,10 @@ static int test_invalid_keypair(void)
|
||||
&& TEST_true(BN_add_word(n, 1))
|
||||
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
|
||||
&& TEST_true(BN_sub_word(n, 1))
|
||||
/* check that validation fails if len(n) is not even */
|
||||
&& TEST_true(BN_lshift1(n, n))
|
||||
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2049))
|
||||
&& TEST_true(BN_rshift1(n, n))
|
||||
/* check p */
|
||||
&& TEST_true(BN_sub_word(p, 2))
|
||||
&& TEST_true(BN_mul(n, p, q, ctx))
|
||||
|
Loading…
Reference in New Issue
Block a user