summaryrefslogtreecommitdiff
path: root/src/lib/libc/string/timingsafe_memcmp.c
diff options
context:
space:
mode:
authortb <>2022-02-24 08:31:11 +0000
committertb <>2022-02-24 08:31:11 +0000
commitf2e5689ff5fbb1dbc22de717daa5566fe3a613b4 (patch)
treec755575c2146974ab21cf2e63c0f552662fe2d03 /src/lib/libc/string/timingsafe_memcmp.c
parent95e90dc06dccc0b309c252ec72524e567b7291fd (diff)
downloadopenbsd-f2e5689ff5fbb1dbc22de717daa5566fe3a613b4.tar.gz
openbsd-f2e5689ff5fbb1dbc22de717daa5566fe3a613b4.tar.bz2
openbsd-f2e5689ff5fbb1dbc22de717daa5566fe3a613b4.zip
Add sanity checks on p and q in old_dsa_priv_decode()
dsa_do_verify() has checks on dsa->p and dsa->q that ensure that p isn't overly long and that q has one of the three allowed lengths specified in FIPS 186-3, namely 160, 224, or 256. Do these checks on deserialization of DSA keys without parameters. This means that we will now reject keys we would previously deserialize. Such keys are useless in that signatures generated by them would be rejected by both LibreSSL and OpenSSL. This avoids a timeout flagged in oss-fuzz #26899 due to a ridiculous DSA key whose q has size 65KiB. The timeout comes from additional checks on DSA keys added by miod in dsa_ameth.c r1.18, especially checking such a humungous number for primality is expensive. ok jsing
Diffstat (limited to 'src/lib/libc/string/timingsafe_memcmp.c')
0 files changed, 0 insertions, 0 deletions