openssl/crypto/rsa
Tomas Mraz e09fc1d746 Limit the execution time of RSA public key check
Fixes CVE-2023-6237

If a large and incorrect RSA public key is checked with
EVP_PKEY_public_check() the computation could take very long time
due to no limit being applied to the RSA public key size and
unnecessarily high number of Miller-Rabin algorithm rounds
used for non-primality check of the modulus.

Now the keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
will fail the check with RSA_R_MODULUS_TOO_LARGE error reason.
Also the number of Miller-Rabin rounds was set to 5.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
2024-01-15 10:54:34 +01:00
..
build.info
rsa_acvp_test_params.c
rsa_ameth.c
rsa_asn1.c
rsa_backend.c Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata() 2024-01-09 12:03:32 +01:00
rsa_chk.c
rsa_crpt.c
rsa_depr.c
rsa_err.c
rsa_gen.c Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata() 2024-01-09 12:03:32 +01:00
rsa_lib.c Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata() 2024-01-09 12:03:32 +01:00
rsa_local.h Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata() 2024-01-09 12:03:32 +01:00
rsa_meth.c
rsa_mp_names.c
rsa_mp.c
rsa_none.c
rsa_oaep.c
rsa_ossl.c
rsa_pk1.c
rsa_pmeth.c
rsa_prn.c
rsa_pss.c
rsa_saos.c
rsa_schemes.c
rsa_sign.c
rsa_sp800_56b_check.c Limit the execution time of RSA public key check 2024-01-15 10:54:34 +01:00
rsa_sp800_56b_gen.c ossl_rsa_fips186_4_gen_prob_primes(): Remove unused Xpout and Xqout 2024-01-12 17:28:14 +01:00
rsa_x931.c
rsa_x931g.c