rsa: Add SP800-56Br2 6.4.1.2.1 (3.c) check

The code did not yet check that the length of the RSA key is positive
and even.

Signed-off-by: Clemens Lang <cllang@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22403)
This commit is contained in:
Clemens Lang 2023-10-16 15:30:26 +02:00 committed by Matt Caswell
parent df5f419b14
commit 8b268541d9
2 changed files with 9 additions and 0 deletions

View File

@ -403,6 +403,11 @@ int ossl_rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed,
ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR); ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR);
return 0; return 0;
} }
/* (Step 3.c): check that the modulus length is a positive even integer */
if (nbits <= 0 || (nbits & 0x1)) {
ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR);
return 0;
}
ctx = BN_CTX_new_ex(rsa->libctx); ctx = BN_CTX_new_ex(rsa->libctx);
if (ctx == NULL) if (ctx == NULL)

View File

@ -458,6 +458,10 @@ static int test_invalid_keypair(void)
&& TEST_true(BN_add_word(n, 1)) && TEST_true(BN_add_word(n, 1))
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048)) && TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
&& TEST_true(BN_sub_word(n, 1)) && TEST_true(BN_sub_word(n, 1))
/* check that validation fails if len(n) is not even */
&& TEST_true(BN_lshift1(n, n))
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2049))
&& TEST_true(BN_rshift1(n, n))
/* check p */ /* check p */
&& TEST_true(BN_sub_word(p, 2)) && TEST_true(BN_sub_word(p, 2))
&& TEST_true(BN_mul(n, p, q, ctx)) && TEST_true(BN_mul(n, p, q, ctx))