git.ipfire.org Git - thirdparty/openssl.git/commit

author	sashan <anedvedicky@gmail.com>
	Wed, 14 Aug 2024 18:07:29 +0000 (20:07 +0200)
committer	Tomas Mraz <tomas@openssl.org>
	Wed, 28 Aug 2024 14:50:46 +0000 (16:50 +0200)
commit	6dacee485fad2c4d334e08af48891636205ddb6b
tree	58890bd877c7bc9c422d7245494d9048ed494c3b	tree
parent	f6a296c3867f53cd005069292d512280835bcdae	commit \| diff

RSA decoder should check also sanity of p, q, e, d ... with respect to n

This issue has been discovered by osss-fuzzer [1]. The test function decodes
RSA key created by fuzzer and calls EVP_PKEY_pairwise_check() which
proceeds to ossl_bn_miller_rabin_is_prime() check which takes too long
exceeding timeout (45secs).

The idea is to fix OSSL_DECODER_from_data() code path so invalid
RSA keys will be refused.

[1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69134

Test case generated by the fuzzer is added.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25190)

crypto/rsa/rsa_backend.c		diff \| blob \| blame \| history
crypto/rsa/rsa_lib.c		diff \| blob \| blame \| history
include/crypto/rsa.h		diff \| blob \| blame \| history
providers/implementations/encode_decode/decode_der2key.c		diff \| blob \| blame \| history
test/evp_extra_test.c		diff \| blob \| blame \| history