author: tb, 2023-07-20 06:26:27 +0000
committer: tb, 2023-07-20 06:26:27 +0000
commit: 56d542857440491347766bf6ba84a87a30bd89d5
tree: 55cccc1b683393b47b9d3306e4fd44c422e35238 /src/lib/libc/net
parent: 3c614dec7a8479b37d8b930d4f5e4bf08d27f341
Cap the size of numbers we check for primality
We refuse to generate RSA keys larger than 16k and DH keys larger than 10k. Primality checking with adversarial input is a DoS vector, so simply don't do this. Introduce a cap of 32k for numbers we try to test for primality, which should be more than large enough for use within a non-toolkit crypto library. This is one way of mitigating the DH_check()/EVP_PKEY_param_check() issue.

ok jsing miod
Diffstat (limited to 'src/lib/libc/net')
0 files changed, 0 insertions, 0 deletions