mirror of https://github.com/openssl/openssl
fuzz/decoder.c: Limit the key sizes on which checks are run
In particular the DH safe prime check will be limited to 8192 bits and the private and pairwise checks are limited to 16384 bits on any key types. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/24049)
This commit is contained in:
parent
c89baf8710
commit
9fc61ba0a7
|
@ -64,10 +64,19 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
|
|||
EVP_PKEY_free(pkey2);
|
||||
|
||||
ctx = EVP_PKEY_CTX_new(pkey, NULL);
|
||||
EVP_PKEY_param_check(ctx);
|
||||
/*
|
||||
* Param check will take too long time on large DH parameters.
|
||||
* Skip it.
|
||||
*/
|
||||
if (!EVP_PKEY_is_a(pkey, "DH") || EVP_PKEY_get_bits(pkey) <= 8192)
|
||||
EVP_PKEY_param_check(ctx);
|
||||
|
||||
EVP_PKEY_public_check(ctx);
|
||||
EVP_PKEY_private_check(ctx);
|
||||
EVP_PKEY_pairwise_check(ctx);
|
||||
/* Private and pairwise checks are unbounded, skip for large keys. */
|
||||
if (EVP_PKEY_get_bits(pkey) <= 16384) {
|
||||
EVP_PKEY_private_check(ctx);
|
||||
EVP_PKEY_pairwise_check(ctx);
|
||||
}
|
||||
OPENSSL_assert(ctx != NULL);
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
EVP_PKEY_free(pkey);
|
||||
|
|
Loading…
Reference in New Issue