Tomas Mraz e09fc1d746 Limit the execution time of RSA public key check ...

Fixes CVE-2023-6237

If a large and incorrect RSA public key is checked with
EVP_PKEY_public_check() the computation could take very long time
due to no limit being applied to the RSA public key size and
unnecessarily high number of Miller-Rabin algorithm rounds
used for non-primality check of the modulus.

Now the keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
will fail the check with RSA_R_MODULUS_TOO_LARGE error reason.
Also the number of Miller-Rabin rounds was set to 5.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)

2024-01-15 10:54:34 +01:00

..

aes

Disable build of HWAES on PPC Macs

2024-01-11 11:08:31 +01:00

aria

Change loops conditions to make zero loop risk more obvious.

2022-05-24 14:11:20 +10:00

asn1

Fix NULL pointer deref when parsing the stable section

2024-01-12 10:37:22 +01:00

async

Stop raising ERR_R_MALLOC_FAILURE in most places

2022-10-05 14:02:03 +02:00

bf

Avoid duplicating symbols in legacy.a with some build options

2023-01-31 11:10:22 +11:00

bio

Fix new typos found by codespell

2023-12-29 10:12:05 +01:00

bn

Avoid an infinite loop in BN_GF2m_mod_inv

2023-12-12 16:08:59 +00:00

buffer

Stop raising ERR_R_MALLOC_FAILURE in most places

2022-10-05 14:02:03 +02:00

camellia

Rename x86-32 assembly files from .s to .S.

2022-05-24 13:16:06 +10:00

cast

Copyright year updates

2023-09-07 09:59:15 +01:00

chacha

LoongArch64 assembly pack: Fix ChaCha20 ABI breakage

2023-12-19 14:12:24 +01:00

cmac

Copyright year updates

2023-09-07 09:59:15 +01:00

cmp

Fix new typos found by codespell

2023-12-29 10:12:05 +01:00

cms

Allow duplicate CMS attributes

2024-01-03 12:41:31 +01:00

comp

Copyright year updates

2023-09-07 09:59:15 +01:00

conf

Detect and prevent recursive config parsing

2023-12-21 13:38:31 -05:00

crmf

Copyright year updates

2023-09-07 09:59:15 +01:00

ct

Stop raising ERR_R_MALLOC_FAILURE in most places

2022-10-05 14:02:03 +02:00

des

Copyright year updates

2023-09-07 09:59:15 +01:00

dh

Make DH_check_pub_key() and DH_generate_key() safer yet

2023-11-06 07:55:01 +00:00

dsa

DH_check_pub_key() should not fail when setting result code

2023-10-11 16:22:27 +02:00

dso

Copyright year updates

2023-09-07 09:59:15 +01:00

ec

Fix declspec align syntax

2023-12-19 13:57:32 +01:00

encode_decode

ossl_decoder_cache_flush(): Do not raise an error if there is no cache

2023-12-06 13:59:13 +01:00

engine

Improved detection of engine-provided private "classic" keys

2023-10-04 11:02:00 +11:00

err

crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery

2023-12-21 23:06:42 +01:00

ess

Stop raising ERR_R_MALLOC_FAILURE in most places

2022-10-05 14:02:03 +02:00

evp

Fix partial block encryption in cfb and ofb for s390x (legacy)

2024-01-12 10:34:39 +01:00

ffc

DH_check_pub_key() should not fail when setting result code

2023-10-11 16:22:27 +02:00

hmac

Adapt other parts of the source to the changed EVP_Q_digest() and EVP_Q_mac()

2021-06-23 23:00:36 +02:00

hpke

Add additional internal HPKE hardening checks resulting from code audit.

2023-11-03 09:10:19 +01:00

http

Fix some invalid use of sscanf

2023-12-12 16:12:32 +00:00

idea

Avoid duplicating symbols in legacy.a with some build options

2023-01-31 11:10:22 +11:00

kdf

…

lhash

All lh_stats functions were deprecated in 3.1

2023-10-04 07:52:41 +11:00

md2

Avoid duplicating symbols in legacy.a with some build options

2023-01-31 11:10:22 +11:00

md4

Avoid duplicating symbols in legacy.a with some build options

2023-01-31 11:10:22 +11:00

md5

md5: add assembly implementation for loongarch64

2023-12-27 10:15:29 +01:00

mdc2

Avoid duplicating symbols in legacy.a with some build options

2023-01-31 11:10:22 +11:00

modes

aes_platform.h, gcm128.c: fix Darwin PowerPC macro to include ppc64

2024-01-12 19:33:33 +01:00

objects

Fix arithmetic expression overflow

2024-01-15 10:49:25 +01:00

ocsp

Copyright year updates

2023-09-07 09:59:15 +01:00

pem

Copyright year updates

2023-09-28 14:23:29 +01:00

perlasm

x86_64-xlate.pl: Fix build with icx and nvc compilers

2023-11-24 17:21:39 +01:00

pkcs7

Fix possible memleak in PKCS7_add0_attrib_signing_time

2023-11-22 09:49:02 +01:00

pkcs12

Copyright year updates

2023-09-28 14:23:29 +01:00

poly1305

poly1305_ieee754.c: fix PowerPC macros

2024-01-15 10:45:07 +01:00

property

Add overflow checks to parse_number/parse_hex/parse_oct

2023-12-07 12:07:43 -05:00

rand

internal/common.h: rename macro (un)likely to ossl_(un)likely

2023-11-03 21:08:22 +01:00

rc2

Copyright year updates

2023-09-07 09:59:15 +01:00

rc4

Copyright year updates

2023-09-07 09:59:15 +01:00

rc5

Copyright year updates

2023-09-07 09:59:15 +01:00

ripemd

Avoid duplicating symbols in legacy.a with some build options

2023-01-31 11:10:22 +11:00

rsa

Limit the execution time of RSA public key check

2024-01-15 10:54:34 +01:00

seed

Avoid duplicating symbols in legacy.a with some build options

2023-01-31 11:10:22 +11:00

sha

SHA3_squeeze(): The next argument is int

2023-11-23 15:13:53 +00:00

siphash

crypto/*: Fix various typos, repeated words, align some spelling to LDP.

2022-10-12 16:55:01 +11:00

sm2

Copyright year updates

2023-09-07 09:59:15 +01:00

sm3

riscv: Support sm3 on platforms with vlen >= 128.

2023-10-26 15:55:50 +01:00

sm4

Fix new typos found by codespell

2023-12-29 10:12:05 +01:00

srp

Copyright year updates

2023-09-28 14:23:29 +01:00

stack

Make OPENSSL_sk_push return only 0 or 1

2024-01-04 14:51:48 +01:00

store

Copyright year updates

2023-09-28 14:23:29 +01:00

thread

Copyright year updates

2023-09-07 09:59:15 +01:00

ts

Copyright year updates

2023-09-07 09:59:15 +01:00

txt_db

Copyright year updates

2023-09-07 09:59:15 +01:00

ui

Copyright year updates

2023-09-07 09:59:15 +01:00

whrlpool

Copyright year updates

2023-09-07 09:59:15 +01:00

x509

Fix a similar memory leak in SXNET_add_id_INTEGER

2024-01-10 17:59:53 +01:00

alphacpuid.pl

…

arm64cpuid.pl

Update copyright year

2022-05-03 13:34:51 +01:00

arm_arch.h

Optimize AES-CTR for ARM Neoverse V1 and V2.

2023-11-29 18:10:31 +01:00

armcap.c

Optimize AES-CTR for ARM Neoverse V1 and V2.

2023-11-29 18:10:31 +01:00

armv4cpuid.pl

Copyright year updates

2023-09-07 09:59:15 +01:00

asn1_dsa.c

…

bsearch.c

…

build.info

Do not include sparse_array.o in libssl

2023-09-22 20:42:48 +02:00

c64xpluscpuid.pl

…

context.c

Copyright year updates

2023-09-07 09:59:15 +01:00

core_algorithm.c

Stop raising ERR_R_MALLOC_FAILURE in most places

2022-10-05 14:02:03 +02:00

core_fetch.c

"Reserve" the method store when constructing methods

2022-07-20 07:28:17 +01:00

core_namemap.c

Copyright year updates

2023-09-07 09:59:15 +01:00

cpt_err.c

err: add additional errors

2022-01-12 20:10:21 +11:00

cpuid.c

Copyright year updates

2023-09-28 14:23:29 +01:00

cryptlib.c

Copyright year updates

2023-09-07 09:59:15 +01:00

ctype.c

Copyright year updates

2023-09-07 09:59:15 +01:00

cversion.c

…

der_writer.c

der_writer: Use uint32_t instead of long.

2022-06-27 10:58:40 +02:00

deterministic_nonce.c

Copyright year updates

2023-09-07 09:59:15 +01:00

dllmain.c

Update copyright year

2022-05-03 13:34:51 +01:00

ebcdic.c

…

ex_data.c

Fix error handling in CRYPTO_get_ex_new_index

2023-09-21 14:43:08 +02:00

getenv.c

Update copyright year

2022-05-03 13:34:51 +01:00

ia64cpuid.S

…

info.c

Copyright year updates

2023-09-07 09:59:15 +01:00

init.c

Copyright year updates

2023-09-07 09:59:15 +01:00

initthread.c

crypto/initthread.c: fix misspelled OSSL_provider_init() in comment

2023-10-26 15:45:41 +01:00

loongarch64cpuid.pl

LoongArch64 assembly pack: Really implement OPENSSL_rdtsc

2023-12-19 18:34:34 +01:00

loongarch_arch.h

Copyright year updates

2023-09-07 09:59:15 +01:00

loongarchcap.c

Copyright year updates

2023-09-07 09:59:15 +01:00

LPdir_nyi.c

…

LPdir_unix.c

Copyright year updates

2023-09-07 09:59:15 +01:00

LPdir_vms.c

…

LPdir_win32.c

…

LPdir_win.c

…

LPdir_wince.c

…

mem_clr.c

…

mem_sec.c

Add locking to CRYPTO_secure_used

2023-12-01 09:03:04 -05:00

mem.c

Windows: use srand() instead of srandom()

2023-10-13 15:04:42 +02:00

mips_arch.h

…

o_dir.c

Update copyright year

2022-05-03 13:34:51 +01:00

o_fopen.c

crypto: Fix various typos, repeated words, align some spelling to LDP.

2022-10-12 16:55:01 +11:00

o_init.c

Update copyright year

2022-05-03 13:34:51 +01:00

o_str.c

Copyright year updates

2023-09-28 14:23:29 +01:00

o_time.c

…

packet.c

Copyright year updates

2023-09-07 09:59:15 +01:00

param_build_set.c

ossl_param_build_set_multi_key_bn(): Do not set NULL BIGNUMs

2023-10-18 18:07:13 +02:00

param_build.c

params: drop INT_MAX checks

2023-12-29 10:21:10 +01:00

params_dup.c

Stop raising ERR_R_MALLOC_FAILURE in most places

2022-10-05 14:02:03 +02:00

params_from_text.c

Stop raising ERR_R_MALLOC_FAILURE in most places

2022-10-05 14:02:03 +02:00

params_idx.c.in

params: provide a faster TRIE based param lookup.

2023-06-02 15:13:20 +10:00

params.c

Check appropriate OSSL_PARAM_get_* functions for NULL

2024-01-09 16:56:55 +01:00

pariscid.pl

…

passphrase.c

Stop raising ERR_R_MALLOC_FAILURE in most places

2022-10-05 14:02:03 +02:00

ppccap.c

Update copyright year

2022-05-03 13:34:51 +01:00

ppccpuid.pl

Update copyright year

2022-05-03 13:34:51 +01:00

provider_child.c

Copyright year updates

2023-09-07 09:59:15 +01:00

provider_conf.c

Fix remaining provider config settings to be decisive in value

2023-12-27 09:32:48 +01:00

provider_core.c

After initializing a provider, check if its output dispatch table is NULL

2023-12-04 15:12:34 +01:00

provider_local.h

make struct provider_info_st a full type

2021-06-24 14:48:15 +01:00

provider_predefined.c

make struct provider_info_st a full type

2021-06-24 14:48:15 +01:00

provider.c

Copyright year updates

2023-09-07 09:59:15 +01:00

punycode.c

Copyright year updates

2023-09-07 09:59:15 +01:00

quic_vlint.c

QUIC: Enable building with QUIC support disabled

2023-01-13 13:20:16 +00:00

README-sparse_array.md

…

riscv32cpuid.pl

Add RISC-V 32 cpuid support

2022-09-05 10:20:30 +10:00

riscv64cpuid.pl

riscv: Add basic vector extension support

2023-10-26 15:55:49 +01:00

riscvcap.c

riscv: Add basic vector extension support

2023-10-26 15:55:49 +01:00

s390x_arch.h

Copyright year updates

2023-09-07 09:59:15 +01:00

s390xcap.c

Copyright year updates

2023-09-07 09:59:15 +01:00

s390xcpuid.pl

…

self_test_core.c

Update copyright year

2022-05-03 13:34:51 +01:00

sleep.c

Copyright year updates

2023-09-07 09:59:15 +01:00

sparccpuid.S

…

sparcv9cap.c

Split bignum code out of the sparcv9cap.c

2021-07-15 09:33:04 +02:00

sparse_array.c

Coverity 1507376: Dereference after null check

2022-07-22 14:42:13 +02:00

threads_lib.c

Define threads_lib.c functions only for OPENSSL_SYS_UNIX

2022-11-14 07:47:53 +00:00

threads_none.c

Copyright year updates

2023-09-07 09:59:15 +01:00

threads_pthread.c

Copyright year updates

2023-09-07 09:59:15 +01:00

threads_win.c

Copyright year updates

2023-09-07 09:59:15 +01:00

time.c

Copyright year updates

2023-09-07 09:59:15 +01:00

trace.c

"foo * bar" should be "foo *bar"

2023-09-11 10:15:30 +02:00

uid.c

Copyright year updates

2023-09-07 09:59:15 +01:00

vms_rms.h

…

x86_64cpuid.pl

…

x86cpuid.pl

…