summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_server.c
diff options
context:
space:
mode:
authortb <>2023-07-20 06:26:27 +0000
committertb <>2023-07-20 06:26:27 +0000
commit56d542857440491347766bf6ba84a87a30bd89d5 (patch)
tree55cccc1b683393b47b9d3306e4fd44c422e35238 /src/lib/libssl/tls13_server.c
parent3c614dec7a8479b37d8b930d4f5e4bf08d27f341 (diff)
downloadopenbsd-56d542857440491347766bf6ba84a87a30bd89d5.tar.gz
openbsd-56d542857440491347766bf6ba84a87a30bd89d5.tar.bz2
openbsd-56d542857440491347766bf6ba84a87a30bd89d5.zip
Cap the size of numbers we check for primality
We refuse to generate RSA keys larger than 16k and DH keys larger than 10k. Primality checking with adversarial input is a DoS vector, so simply don't do this. Introduce a cap of 32k for numbers we try to test for primality, which should be more than large enough for use withing a non-toolkit crypto library. This is one way of mitigating the DH_check()/EVP_PKEY_param_check() issue. ok jsing miod
Diffstat (limited to 'src/lib/libssl/tls13_server.c')
0 files changed, 0 insertions, 0 deletions