openssl icon indicating copy to clipboard operation
openssl copied to clipboard
verified publisher icon openssl

RSA decoder should check also sanity of p, q, e, d ... with repsect to n

Open Sashan opened this issue 1 year ago • 11 comments

this issue has been discovered by osss-fuzzer [1]. The test function decodes RSA key created by fuzzer and calls EVP_PKEY_pairwise_check() which proceeds to ossl_bn_miller_rabin_is_prime() check which takes too long exceeding timeout (45secs).

The idea is to fix OSSL_DECODER_from_data() code path so invalid RSA keys will be refused.

[1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69134

Sashan avatar Aug 14 '24 18:08 Sashan

If you could please rebase @Sashan , it should fix your ci failures

nhorman avatar Aug 14 '24 19:08 nhorman

The check should be IMO done if the key is created via a fromdata/import function as well.

Also multiprime RSA keys need to be handled.

t8m avatar Aug 15 '24 10:08 t8m

New revision attempts to address comments raised by @t8m. In order to make evp_test to pass I had to introduce a rounding I feel uneasy about this change. The bits for key at line 610 found in test/recipes/30-test_evp_data/evppkey_rsa_common.txt were 1024. However the prime components p,q were 1025 and 1026.

there were perhaps other cases too, but I've analyzed this particular one.

this is the only friction in proposed change which I feel needs to be brought up to wider attention.

Sashan avatar Aug 15 '24 18:08 Sashan

LGTM

thanks for review, can you mark it as 'accepted'? thanks.

Sashan avatar Aug 22 '24 13:08 Sashan

Could you add the fuzzer-generated data as a testcase somehow? IMO it should fail import with openssl rsa (or openssl pkey) with the fix. Otherwise it should pass.

t8m avatar Aug 22 '24 16:08 t8m

Could you add the fuzzer-generated data as a testcase somehow? IMO it should fail import with openssl rsa (or openssl pkey) with the fix. Otherwise it should pass.

I've added the test to evp_extra_test.c. The key comes from fuzzer report.

Sashan avatar Aug 22 '24 23:08 Sashan

@nhorman please reconfirm your approval

t8m avatar Aug 23 '24 09:08 t8m

Ack, approval holds

nhorman avatar Aug 23 '24 11:08 nhorman

This pull request is ready to merge

openssl-machine avatar Aug 24 '24 14:08 openssl-machine

@t8m, @nhorman please reconfirm after latest change.

mattcaswell avatar Aug 26 '24 09:08 mattcaswell

ack, approval holds

nhorman avatar Aug 26 '24 11:08 nhorman

This pull request is ready to merge

openssl-machine avatar Aug 28 '24 14:08 openssl-machine

Squashed and merged to the master branch. Thank you.

t8m avatar Aug 28 '24 14:08 t8m