rsa: Add SP800-56Br2 6.4.1.2.1 (3.c) check

The code did not yet check that the length of the RSA key is positive and even. Signed-off-by: Clemens Lang <cllang@redhat.com>
openssl · Oct 16, 2023 · ba05e16 · ba05e16
1 parent 143ca66
commit ba05e16
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c
@@ -403,6 +403,11 @@ int ossl_rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed,
         ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR);
         return 0;
     }
+    /* (Step 3.c): check that the modulus length is a positive even integer */
+    if (nbits <= 0 || (nbits & 0x1)) {
+        ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR);
+        return 0;
+    }
 
     ctx = BN_CTX_new_ex(rsa->libctx);
     if (ctx == NULL)