rsa: Add SP800-56Br2 6.4.1.2.1 (3.c) check

The code did not yet check that the length of the RSA key is positive and even. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22403)
author: Clemens Lang <cllang@redhat.com> 2023-10-16 15:30:26 +0200
committer: Matt Caswell <matt@openssl.org> 2023-10-25 09:26:51 +0100
commit: 8b268541d9aabee51699aef22963407362830ef9 (patch)
tree: 97e0b588645924b1f0d44cca06f9583ffbeda400 /crypto/rsa
parent: df5f419b14de9ff47082c42f2a2db6557ceca84f (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c
index fc8f19b487..e6b79e953d 100644
--- a/crypto/rsa/rsa_sp800_56b_check.c
+++ b/crypto/rsa/rsa_sp800_56b_check.c
@@ -403,6 +403,11 @@ int ossl_rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed,
         ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR);
         return 0;
     }
+    /* (Step 3.c): check that the modulus length is a positive even integer */
+    if (nbits <= 0 || (nbits & 0x1)) {
+        ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR);
+        return 0;
+    }
 
     ctx = BN_CTX_new_ex(rsa->libctx);
     if (ctx == NULL)
author	Clemens Lang <cllang@redhat.com>	2023-10-16 15:30:26 +0200
committer	Matt Caswell <matt@openssl.org>	2023-10-25 09:26:51 +0100
commit	8b268541d9aabee51699aef22963407362830ef9 (patch)
tree	97e0b588645924b1f0d44cca06f9583ffbeda400 /crypto/rsa
parent	df5f419b14de9ff47082c42f2a2db6557ceca84f (diff)