GitHub/openssl
1
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-05-07 20:12:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

fuzz/decoder.c: Limit the key sizes on which checks are run

Browse Source 
In particular the DH safe prime check will be limited to 8192 bits
and the private and pairwise checks are limited to 16384 bits on
any key types.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24049)
This commit is contained in:
Tomas Mraz
2024-04-05 16:29:53 +02:00
parent c89baf8710
commit 9fc61ba0a7
1 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
fuzz/decoder.c
+12 -3
View File
@@ -64,10 +64,19 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
EVP_PKEY_free(pkey2);
ctx = EVP_PKEY_CTX_new(pkey, NULL);
EVP_PKEY_param_check(ctx);
/*
* Param check will take too long time on large DH parameters.
* Skip it.
*/
if (!EVP_PKEY_is_a(pkey, "DH") || EVP_PKEY_get_bits(pkey) <= 8192)
EVP_PKEY_param_check(ctx);
EVP_PKEY_public_check(ctx);
EVP_PKEY_private_check(ctx);
EVP_PKEY_pairwise_check(ctx);
/* Private and pairwise checks are unbounded, skip for large keys. */
if (EVP_PKEY_get_bits(pkey) <= 16384) {
EVP_PKEY_private_check(ctx);
EVP_PKEY_pairwise_check(ctx);
}
OPENSSL_assert(ctx != NULL);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);