Reject excessively large primes in DH key generation. Problem reported - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	sthen <>	2018-06-12 15:32:54 +0000
committer	sthen <>	2018-06-12 15:32:54 +0000
commit	944885610663d79b2787c4d04d9ae3b283754f55 (patch)
tree	fb7b950632b5c481da12c93906cbe9e80acccd57 /src/lib/libcrypto/dsa/dsa_ossl.c
parent	9b3a84945fe74b679a5580f0805138ff98543f62 (diff)
download	openbsd-944885610663d79b2787c4d04d9ae3b283754f55.tar.gz openbsd-944885610663d79b2787c4d04d9ae3b283754f55.tar.bz2 openbsd-944885610663d79b2787c4d04d9ae3b283754f55.zip

Reject excessively large primes in DH key generation. Problem reported

by Guido Vranken to OpenSSL (https://github.com/openssl/openssl/pull/6457) and based on his diff. suggestions from tb@, ok tb@ jsing@ "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack."

Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_ossl.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: