diff options
author | sashan <anedvedicky@gmail.com> | 2024-08-14 20:07:29 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-08-28 16:50:46 +0200 |
commit | 6dacee485fad2c4d334e08af48891636205ddb6b (patch) | |
tree | 58890bd877c7bc9c422d7245494d9048ed494c3b /.gitmodules | |
parent | Cleanups for FIPS options.. (diff) | |
download | openssl-6dacee485fad2c4d334e08af48891636205ddb6b.tar.xz openssl-6dacee485fad2c4d334e08af48891636205ddb6b.zip |
RSA decoder should check also sanity of p, q, e, d ... with respect to n
This issue has been discovered by osss-fuzzer [1]. The test function decodes
RSA key created by fuzzer and calls EVP_PKEY_pairwise_check() which
proceeds to ossl_bn_miller_rabin_is_prime() check which takes too long
exceeding timeout (45secs).
The idea is to fix OSSL_DECODER_from_data() code path so invalid
RSA keys will be refused.
[1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69134
Test case generated by the fuzzer is added.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25190)
Diffstat (limited to '.gitmodules')
0 files changed, 0 insertions, 0 deletions