CVE-2024-4603
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/05/2024
Last modified:
14/10/2024
Description
Issue summary: Checking excessively long DSA keys or parameters may be very slow.

Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.

The functions EVP_PKEY_param_check() and EVP_PKEY_public_check() perform various checks on DSA parameters. Some of those computations take a long time if the modulus (`p` parameter) is too large.

Trying to use a very large modulus is slow, and OpenSSL will not allow using public keys with a modulus which is over 10,000 bits in length for signature verification. However, the key and parameter check functions do not limit the modulus size when performing the checks.

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack.

These functions are not called by OpenSSL itself on untrusted DSA keys, so only applications that directly call these functions may be vulnerable.

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications when using the `-check` option.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.
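The description above points out the asymmetry at the root of the issue: signature verification refuses a modulus over 10,000 bits, but the parameter and key check functions ran their expensive computations on any size. An application that accepts DSA parameters from an untrusted source can close that gap on its own side by enforcing the same bound before it ever calls EVP_PKEY_param_check(). The Python below is an added example, not OpenSSL project code: it reads the bit length of `p` straight out of the DER-encoded Dss-Parms structure (a SEQUENCE of the INTEGERs p, q, g) without decoding the big integers, so the screen itself costs nothing proportional to the modulus size. The sample parameters are constructed values for illustration, not real DSA domain parameters; the 10,000-bit figure is the one quoted in the advisory, and the function and constant names are the example's own.

```python
"""Pre-screen DER-encoded DSA parameters before handing them to an
expensive checker such as OpenSSL's EVP_PKEY_param_check().

Added example, not OpenSSL code. Dss-Parms is DER encoded as
SEQUENCE { INTEGER p, INTEGER q, INTEGER g }. The bound below is the
10,000-bit limit the advisory says signature verification applies.
"""

MAX_MODULUS_BITS = 10_000  # modulus bound quoted in the advisory (assumed policy here)


def _encode_length(n):
    """DER length: short form below 0x80, otherwise 0x8N + N big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _encode_integer(value):
    """DER INTEGER for a non-negative value; a leading 0x00 keeps the sign positive."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _encode_length(len(body)) + body


def encode_dss_parms(p, q, g):
    """Build a Dss-Parms SEQUENCE; used only to construct sample input."""
    body = _encode_integer(p) + _encode_integer(q) + _encode_integer(g)
    return b"\x30" + _encode_length(len(body)) + body


def _read_tlv(buf, pos, expected_tag):
    """Return (content_start, content_end) of the TLV at pos, validating bounds."""
    if pos >= len(buf) or buf[pos] != expected_tag:
        raise ValueError("unexpected tag")
    pos += 1
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("unsupported length encoding")
        if pos + nbytes > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated content")
    return pos, pos + length


def modulus_bits(der):
    """Bit length of p, computed from the INTEGER's byte length and leading byte,
    so no big-integer arithmetic is done on untrusted input."""
    seq_start, seq_end = _read_tlv(der, 0, 0x30)
    p_start, p_end = _read_tlv(der, seq_start, 0x02)
    if p_end > seq_end:
        raise ValueError("INTEGER exceeds SEQUENCE")
    content = der[p_start:p_end]
    if not content:
        raise ValueError("empty INTEGER")
    if content[0] & 0x80:
        raise ValueError("negative modulus")
    content = content.lstrip(b"\x00")  # drop the sign byte if present
    if not content:
        return 0
    return (len(content) - 1) * 8 + content[0].bit_length()


def screen_dsa_params(der, max_bits=MAX_MODULUS_BITS):
    """True if the parameters are small enough to hand to a full checker,
    False if they should be rejected without further work."""
    try:
        return modulus_bits(der) <= max_bits
    except ValueError:
        return False


# Constructed samples: tiny toy values, and a 16,001-bit modulus that is
# well over the bound and would otherwise trigger the slow checks.
SMALL_PARAMS = encode_dss_parms(23, 11, 4)
HUGE_PARAMS = encode_dss_parms((1 << 16000) + 1, 11, 4)

if __name__ == "__main__":
    for name, der in (("small", SMALL_PARAMS), ("huge", HUGE_PARAMS)):
        print(name, modulus_bits(der), "bits ->", "accept" if screen_dsa_params(der) else "reject")
```

The application would run screen_dsa_params() on the raw bytes it is about to decode and only pass input that survives the screen on to EVP_PKEY_param_check() or EVP_PKEY_public_check(); malformed or oversized input is rejected before any library call runs. This is an application-side guard that holds regardless of the OpenSSL version in use.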
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
References to Advisories, Solutions, and Tools
- https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397
- https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e
- https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d
- https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740
- https://www.openssl.org/news/secadv/20240516.txt