CVE-2023-6237

Issue summary: Checking excessively long invalid RSA public keys may take<br /> a long time.<br /> <br /> Impact summary: Applications that use the function EVP_PKEY_public_check()<br /> to check RSA public keys may experience long delays. Where the key that<br /> is being checked has been obtained from an untrusted source this may lead<br /> to a Denial of Service.<br /> <br /> When function EVP_PKEY_public_check() is called on RSA public keys,<br /> a computation is done to confirm that the RSA modulus, n, is composite.<br /> For valid RSA keys, n is a product of two or more large primes and this<br /> computation completes quickly. However, if n is an overly large prime,<br /> then this computation would take a long time.<br /> <br /> An application that calls EVP_PKEY_public_check() and supplies an RSA key<br /> obtained from an untrusted source could be vulnerable to a Denial of Service<br /> attack.<br /> <br /> The function EVP_PKEY_public_check() is not called from other OpenSSL<br /> functions however it is called from the OpenSSL pkey command line<br /> application. For that reason that application is also vulnerable if used<br /> with the &amp;#39;-pubin&amp;#39; and &amp;#39;-check&amp;#39; options on untrusted data.<br /> <br /> The OpenSSL SSL/TLS implementation is not affected by this issue.<br /> <br /> The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.