openssl/crypto
Tomas Mraz e09fc1d746 Limit the execution time of RSA public key check
Fixes CVE-2023-6237

If a large and incorrect RSA public key is checked with
EVP_PKEY_public_check(), the computation could take a very long time
due to no limit being applied to the RSA public key size and an
unnecessarily high number of Miller-Rabin algorithm rounds
used for the non-primality check of the modulus.

Now keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
will fail the check with the RSA_R_MODULUS_TOO_LARGE error reason.
Also, the number of Miller-Rabin rounds was set to 5.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
2024-01-15 10:54:34 +01:00
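The two bounds named in the commit message (a hard cap on the modulus size checked before any big-number arithmetic, and a fixed, small Miller-Rabin round count for the "modulus must not be prime" test) can be seen in isolation in the following illustrative re-implementation. This is an added example, not OpenSSL's own code: the function names, the `RsaModulusTooLarge` exception standing in for `RSA_R_MODULUS_TOO_LARGE`, the simplified exponent checks and the sample moduli are all assumptions made for the example. Only the constants 16384 and 5 come from the commit message.

```python
"""Bounded RSA public-key sanity check (illustrative, not OpenSSL code).

Mirrors the two limits from the commit message: an upper bound on the
modulus size (OPENSSL_RSA_MAX_MODULUS_BITS = 16384) enforced before any
expensive arithmetic, and a fixed number of Miller-Rabin rounds (5) for
the "modulus must not be prime" test. Names below are assumptions.
"""
import secrets

OPENSSL_RSA_MAX_MODULUS_BITS = 16384   # limit cited in the commit message
MILLER_RABIN_ROUNDS = 5                # round count cited in the commit message


class RsaModulusTooLarge(ValueError):
    """Assumed stand-in for OpenSSL's RSA_R_MODULUS_TOO_LARGE error reason."""


def miller_rabin_probable_prime(n, rounds=MILLER_RABIN_ROUNDS, witness=None):
    """True if n survives `rounds` Miller-Rabin rounds, False if composite.

    `witness(n)` picks the base a in [2, n-2]. It defaults to a CSPRNG so the
    caller of the check cannot steer the bases; pass a deterministic one for
    reproducible runs. Cost is bounded by `rounds` modular exponentiations.
    """
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):      # cheap trial division first
        if n == p:
            return True
        if n % p == 0:
            return False
    if witness is None:
        witness = lambda m: 2 + secrets.randbelow(m - 3)
    d, r = n - 1, 0
    while d % 2 == 0:                   # write n-1 = d * 2^r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = witness(n)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False                # a is a witness: n is definitely composite
    return True


def check_rsa_public_key(n, e, rounds=MILLER_RABIN_ROUNDS, witness=None,
                         max_bits=OPENSSL_RSA_MAX_MODULUS_BITS):
    """Cheap structural checks first, the bounded primality test last.

    Returns True if (n, e) passes. Raises RsaModulusTooLarge before any
    big-number arithmetic when n exceeds max_bits, so an attacker-supplied
    oversized "key" costs one bit_length() call rather than minutes of pow().
    max_bits=None reproduces the unbounded pre-fix behaviour for comparison.
    """
    if max_bits is not None and n.bit_length() > max_bits:
        raise RsaModulusTooLarge(
            f"modulus is {n.bit_length()} bits, limit is {max_bits}")
    if n < 3 or n % 2 == 0:
        raise ValueError("modulus must be an odd integer >= 3")
    if e < 3 or e % 2 == 0 or e >= n:   # simplified exponent check (assumption)
        raise ValueError("public exponent must be odd and 3 <= e < n")
    if miller_rabin_probable_prime(n, rounds, witness):
        raise ValueError("modulus is (probably) prime, so it is not an RSA modulus")
    return True


# Constructed sample inputs (Mersenne primes, so the arithmetic is checkable
# by hand); these are toy sizes, not real-world keys.
P, Q = (1 << 61) - 1, (1 << 89) - 1
GOOD_N, E = P * Q, 65537                # well-formed composite modulus
PRIME_N = (1 << 127) - 1                # a prime: must be rejected
HUGE_N = (1 << 20000) | 1               # 20001 bits: rejected before any pow()


def demo(witness=None):
    """Run the check over the three constructed keys and collect the outcome."""
    results = {"good": check_rsa_public_key(GOOD_N, E, witness=witness)}
    for name, n in (("prime", PRIME_N), ("huge", HUGE_N)):
        try:
            check_rsa_public_key(n, E, witness=witness)
        except RsaModulusTooLarge:
            results[name] = "RSA_R_MODULUS_TOO_LARGE"
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    for key, outcome in demo().items():
        print(f"{key:>5}: {outcome}")
```

The ordering is the point: the size cap is a single integer comparison and comes first, the parity and exponent checks are next, and only a modulus that is already plausible reaches the five modular exponentiations. Calling `check_rsa_public_key(HUGE_N, E, max_bits=None)` shows the pre-fix shape of the problem: the 20001-bit composite is still rejected, but only after five 20000-bit `pow()` calls, and with the old, larger round counts that cost multiplied further.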
aes Disable build of HWAES on PPC Macs 2024-01-11 11:08:31 +01:00
aria
asn1 Fix NULL pointer deref when parsing the stable section 2024-01-12 10:37:22 +01:00
async Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
bf Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
bio Fix new typos found by codespell 2023-12-29 10:12:05 +01:00
bn Avoid an infinite loop in BN_GF2m_mod_inv 2023-12-12 16:08:59 +00:00
buffer Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
camellia
cast Copyright year updates 2023-09-07 09:59:15 +01:00
chacha LoongArch64 assembly pack: Fix ChaCha20 ABI breakage 2023-12-19 14:12:24 +01:00
cmac Copyright year updates 2023-09-07 09:59:15 +01:00
cmp Fix new typos found by codespell 2023-12-29 10:12:05 +01:00
cms Allow duplicate CMS attributes 2024-01-03 12:41:31 +01:00
comp Copyright year updates 2023-09-07 09:59:15 +01:00
conf Detect and prevent recursive config parsing 2023-12-21 13:38:31 -05:00
crmf Copyright year updates 2023-09-07 09:59:15 +01:00
ct Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
des Copyright year updates 2023-09-07 09:59:15 +01:00
dh Make DH_check_pub_key() and DH_generate_key() safer yet 2023-11-06 07:55:01 +00:00
dsa DH_check_pub_key() should not fail when setting result code 2023-10-11 16:22:27 +02:00
dso Copyright year updates 2023-09-07 09:59:15 +01:00
ec Fix declspec align syntax 2023-12-19 13:57:32 +01:00
encode_decode ossl_decoder_cache_flush(): Do not raise an error if there is no cache 2023-12-06 13:59:13 +01:00
engine Improved detection of engine-provided private "classic" keys 2023-10-04 11:02:00 +11:00
err crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery 2023-12-21 23:06:42 +01:00
ess Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
evp Fix partial block encryption in cfb and ofb for s390x (legacy) 2024-01-12 10:34:39 +01:00
ffc DH_check_pub_key() should not fail when setting result code 2023-10-11 16:22:27 +02:00
hmac
hpke Add additional internal HPKE hardening checks resulting from code audit. 2023-11-03 09:10:19 +01:00
http Fix some invalid use of sscanf 2023-12-12 16:12:32 +00:00
idea Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
kdf
lhash All lh_stats functions were deprecated in 3.1 2023-10-04 07:52:41 +11:00
md2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
md4 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
md5 md5: add assembly implementation for loongarch64 2023-12-27 10:15:29 +01:00
mdc2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
modes aes_platform.h, gcm128.c: fix Darwin PowerPC macro to include ppc64 2024-01-12 19:33:33 +01:00
objects Fix arithmetic expression overflow 2024-01-15 10:49:25 +01:00
ocsp Copyright year updates 2023-09-07 09:59:15 +01:00
pem Copyright year updates 2023-09-28 14:23:29 +01:00
perlasm x86_64-xlate.pl: Fix build with icx and nvc compilers 2023-11-24 17:21:39 +01:00
pkcs7 Fix possible memleak in PKCS7_add0_attrib_signing_time 2023-11-22 09:49:02 +01:00
pkcs12 Copyright year updates 2023-09-28 14:23:29 +01:00
poly1305 poly1305_ieee754.c: fix PowerPC macros 2024-01-15 10:45:07 +01:00
property Add overflow checks to parse_number/parse_hex/parse_oct 2023-12-07 12:07:43 -05:00
rand internal/common.h: rename macro (un)likely to ossl_(un)likely 2023-11-03 21:08:22 +01:00
rc2 Copyright year updates 2023-09-07 09:59:15 +01:00
rc4 Copyright year updates 2023-09-07 09:59:15 +01:00
rc5 Copyright year updates 2023-09-07 09:59:15 +01:00
ripemd Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
rsa Limit the execution time of RSA public key check 2024-01-15 10:54:34 +01:00
seed Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
sha SHA3_squeeze(): The next argument is int 2023-11-23 15:13:53 +00:00
siphash crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
sm2 Copyright year updates 2023-09-07 09:59:15 +01:00
sm3 riscv: Support sm3 on platforms with vlen >= 128. 2023-10-26 15:55:50 +01:00
sm4 Fix new typos found by codespell 2023-12-29 10:12:05 +01:00
srp Copyright year updates 2023-09-28 14:23:29 +01:00
stack Make OPENSSL_sk_push return only 0 or 1 2024-01-04 14:51:48 +01:00
store Copyright year updates 2023-09-28 14:23:29 +01:00
thread Copyright year updates 2023-09-07 09:59:15 +01:00
ts Copyright year updates 2023-09-07 09:59:15 +01:00
txt_db Copyright year updates 2023-09-07 09:59:15 +01:00
ui Copyright year updates 2023-09-07 09:59:15 +01:00
whrlpool Copyright year updates 2023-09-07 09:59:15 +01:00
x509 Fix a similar memory leak in SXNET_add_id_INTEGER 2024-01-10 17:59:53 +01:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h Optimize AES-CTR for ARM Neoverse V1 and V2. 2023-11-29 18:10:31 +01:00
armcap.c Optimize AES-CTR for ARM Neoverse V1 and V2. 2023-11-29 18:10:31 +01:00
armv4cpuid.pl Copyright year updates 2023-09-07 09:59:15 +01:00
asn1_dsa.c
bsearch.c
build.info Do not include sparse_array.o in libssl 2023-09-22 20:42:48 +02:00
c64xpluscpuid.pl
context.c Copyright year updates 2023-09-07 09:59:15 +01:00
core_algorithm.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
core_fetch.c
core_namemap.c Copyright year updates 2023-09-07 09:59:15 +01:00
cpt_err.c
cpuid.c Copyright year updates 2023-09-28 14:23:29 +01:00
cryptlib.c Copyright year updates 2023-09-07 09:59:15 +01:00
ctype.c Copyright year updates 2023-09-07 09:59:15 +01:00
cversion.c
der_writer.c
deterministic_nonce.c Copyright year updates 2023-09-07 09:59:15 +01:00
dllmain.c
ebcdic.c
ex_data.c Fix error handling in CRYPTO_get_ex_new_index 2023-09-21 14:43:08 +02:00
getenv.c
ia64cpuid.S
info.c Copyright year updates 2023-09-07 09:59:15 +01:00
init.c Copyright year updates 2023-09-07 09:59:15 +01:00
initthread.c crypto/initthread.c: fix misspelled OSSL_provider_init() in comment 2023-10-26 15:45:41 +01:00
loongarch64cpuid.pl LoongArch64 assembly pack: Really implement OPENSSL_rdtsc 2023-12-19 18:34:34 +01:00
loongarch_arch.h Copyright year updates 2023-09-07 09:59:15 +01:00
loongarchcap.c Copyright year updates 2023-09-07 09:59:15 +01:00
LPdir_nyi.c
LPdir_unix.c Copyright year updates 2023-09-07 09:59:15 +01:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c Add locking to CRYPTO_secure_used 2023-12-01 09:03:04 -05:00
mem.c Windows: use srand() instead of srandom() 2023-10-13 15:04:42 +02:00
mips_arch.h
o_dir.c
o_fopen.c crypto: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
o_init.c
o_str.c Copyright year updates 2023-09-28 14:23:29 +01:00
o_time.c
packet.c Copyright year updates 2023-09-07 09:59:15 +01:00
param_build_set.c ossl_param_build_set_multi_key_bn(): Do not set NULL BIGNUMs 2023-10-18 18:07:13 +02:00
param_build.c params: drop INT_MAX checks 2023-12-29 10:21:10 +01:00
params_dup.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
params_from_text.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
params_idx.c.in params: provide a faster TRIE based param lookup. 2023-06-02 15:13:20 +10:00
params.c Check appropriate OSSL_PARAM_get_* functions for NULL 2024-01-09 16:56:55 +01:00
pariscid.pl
passphrase.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
ppccap.c
ppccpuid.pl
provider_child.c Copyright year updates 2023-09-07 09:59:15 +01:00
provider_conf.c Fix remaining provider config settings to be decisive in value 2023-12-27 09:32:48 +01:00
provider_core.c After initializing a provider, check if its output dispatch table is NULL 2023-12-04 15:12:34 +01:00
provider_local.h
provider_predefined.c
provider.c Copyright year updates 2023-09-07 09:59:15 +01:00
punycode.c Copyright year updates 2023-09-07 09:59:15 +01:00
quic_vlint.c QUIC: Enable building with QUIC support disabled 2023-01-13 13:20:16 +00:00
README-sparse_array.md
riscv32cpuid.pl
riscv64cpuid.pl riscv: Add basic vector extension support 2023-10-26 15:55:49 +01:00
riscvcap.c riscv: Add basic vector extension support 2023-10-26 15:55:49 +01:00
s390x_arch.h Copyright year updates 2023-09-07 09:59:15 +01:00
s390xcap.c Copyright year updates 2023-09-07 09:59:15 +01:00
s390xcpuid.pl
self_test_core.c
sleep.c Copyright year updates 2023-09-07 09:59:15 +01:00
sparccpuid.S
sparcv9cap.c
sparse_array.c
threads_lib.c Define threads_lib.c functions only for OPENSSL_SYS_UNIX 2022-11-14 07:47:53 +00:00
threads_none.c Copyright year updates 2023-09-07 09:59:15 +01:00
threads_pthread.c Copyright year updates 2023-09-07 09:59:15 +01:00
threads_win.c Copyright year updates 2023-09-07 09:59:15 +01:00
time.c Copyright year updates 2023-09-07 09:59:15 +01:00
trace.c "foo * bar" should be "foo *bar" 2023-09-11 10:15:30 +02:00
uid.c Copyright year updates 2023-09-07 09:59:15 +01:00
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl