diff options
author | Tomas Mraz <tomas@openssl.org> | 2023-12-22 16:25:56 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-01-15 10:58:05 +0100 |
commit | 18c02492138d1eb8b6548cb26e7b625fb2414a2a (patch) | |
tree | a25e4f66a2ae78a697926a1c2e7d69e5e88e3696 /doc | |
parent | 11f7b60b6ff4d2186f83fbe05f3ffbdebaa8572b (diff) |
Limit the execution time of RSA public key check
Fixes CVE-2023-6237
If a large and incorrect RSA public key is checked with
EVP_PKEY_public_check() the computation could take very long time
due to no limit being applied to the RSA public key size and
unnecessarily high number of Miller-Rabin algorithm rounds
used for non-primality check of the modulus.
Now the keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
will fail the check with RSA_R_MODULUS_TOO_LARGE error reason.
Also the number of Miller-Rabin rounds was set to 5.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
(cherry picked from commit e09fc1d746a4fd15bb5c3d7bbbab950aadd005db)
Diffstat (limited to 'doc')
0 files changed, 0 insertions, 0 deletions