git.openssl.org Git - openssl.git/commit

author	Tomas Mraz <tomas@openssl.org>
	Fri, 22 Dec 2023 15:25:56 +0000 (16:25 +0100)
committer	Tomas Mraz <tomas@openssl.org>
	Mon, 15 Jan 2024 09:55:30 +0000 (10:55 +0100)
commit	a830f551557d3d66a84bbb18a5b889c640c36294
tree	fde96d756bf2eff6f60df37fd61bdd0767156265	tree \| snapshot
parent	60dc128b0f4ab0fec8198ce1724160d0750273b0	commit \| diff

Limit the execution time of RSA public key check

Fixes CVE-2023-6237

If a large and incorrect RSA public key is checked with
EVP_PKEY_public_check() the computation could take very long time
due to no limit being applied to the RSA public key size and
unnecessarily high number of Miller-Rabin algorithm rounds
used for non-primality check of the modulus.

Now the keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
will fail the check with RSA_R_MODULUS_TOO_LARGE error reason.
Also the number of Miller-Rabin rounds was set to 5.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)

(cherry picked from commit e09fc1d746a4fd15bb5c3d7bbbab950aadd005db)

crypto/rsa/rsa_sp800_56b_check.c		diff \| blob \| history
test/recipes/91-test_pkey_check.t		diff \| blob \| history
test/recipes/91-test_pkey_check_data/rsapub_17k.pem	[new file with mode: 0644]	blob