mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-11 14:22:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
7f8aba2f44
openssl/crypto/rsa
History
Tomas Mraz e09fc1d746 Limit the execution time of RSA public key check 
Fixes CVE-2023-6237

If a large and incorrect RSA public key is checked with
EVP_PKEY_public_check() the computation could take very long time
due to no limit being applied to the RSA public key size and
unnecessarily high number of Miller-Rabin algorithm rounds
used for non-primality check of the modulus.

Now the keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
will fail the check with RSA_R_MODULUS_TOO_LARGE error reason.
Also the number of Miller-Rabin rounds was set to 5.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
2024-01-15 10:54:34 +01:00
..
build.info Remove RSA SSLv23 padding mode 2021-03-01 10:56:12 +01:00
rsa_acvp_test_params.c Update copyright year 2021-04-08 13:04:41 +01:00
rsa_ameth.c Fix a possible memleak in rsa_pub_encode 2023-09-11 10:48:54 +02:00
rsa_asn1.c Update copyright year 2021-04-08 13:04:41 +01:00
rsa_backend.c Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata() 2024-01-09 12:03:32 +01:00
rsa_chk.c Copyright year updates 2023-09-07 09:59:15 +01:00
rsa_crpt.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
rsa_depr.c Update copyright year 2020-04-23 13:55:52 +01:00
rsa_err.c crypto: updates to pass size_t to RAND_bytes_ex() 2021-06-01 18:13:56 +10:00
rsa_gen.c Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata() 2024-01-09 12:03:32 +01:00
rsa_lib.c Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata() 2024-01-09 12:03:32 +01:00
rsa_local.h Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata() 2024-01-09 12:03:32 +01:00
rsa_meth.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
rsa_mp_names.c rsa: add ossl_ prefix to internal rsa_ calls. 2020-10-07 09:04:51 +10:00
rsa_mp.c Replace "a RSA" with "an RSA" 2022-12-07 09:37:25 +11:00
rsa_none.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
rsa_oaep.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
rsa_ossl.c Copyright year updates 2023-09-07 09:59:15 +01:00
rsa_pk1.c Copyright year updates 2023-09-07 09:59:15 +01:00
rsa_pmeth.c Copyright year updates 2023-09-07 09:59:15 +01:00
rsa_prn.c Update copyright year 2021-07-29 15:41:35 +01:00
rsa_pss.c Copyright year updates 2023-09-07 09:59:15 +01:00
rsa_saos.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
rsa_schemes.c rsa: add ossl_ prefix to internal rsa_ calls. 2020-10-07 09:04:51 +10:00
rsa_sign.c Refine the documents of several APIs 2022-12-16 18:59:28 +01:00
rsa_sp800_56b_check.c Limit the execution time of RSA public key check 2024-01-15 10:54:34 +01:00
rsa_sp800_56b_gen.c ossl_rsa_fips186_4_gen_prob_primes(): Remove unused Xpout and Xqout 2024-01-12 17:28:14 +01:00
rsa_x931.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
rsa_x931g.c Copyright year updates 2023-09-07 09:59:15 +01:00