Call dh_params_check in the client cases
Way back in July Oscar Reparaz got in touch to report that s2n does not fully validate DH parameters. This is intentional, as s2n only acts as a server and doesn't perform any client-side validation, but it did kick start some interesting conversations with members of the OpenSSL team: should this kind of check happen inside of OpenSSL, or is it really the caller's responsibility? I got a chance to round out these discussions at the HACS conference recently, as it also touched on issues related to how OpenSSL chooses to mitigate both LogJam and CVE-2016-0701. The end result though is that it would be too burdensome and large a change to do the DH_check implicitly and always; there are existing applications and caller paths this may break. This change adds the check to s2n. Though s2n still performs no meaningful client side validation (e.g. certificate) and client mode is disabled.
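To show what a client-side DH parameter check of the kind this commit adds actually rejects, here is an added example written for this page (not s2n's or OpenSSL's code): a Python model of the checks a DH_check-style routine performs, exercised on constructed toy-sized values; the problem strings and function names are this example's own.

```python
# Added example, not code from s2n or OpenSSL: a model of DH parameter
# validation (prime p, safe prime or explicit subgroup order q, sane g).
# The toy values used in the comments are constructed; real groups are
# 2048-bit or larger, but the checks are the same.
from typing import List, Optional

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases: deterministic for n < 3.3e24,
    a strong probabilistic test beyond that (never wrong for primes)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:          # cheap trial division first
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:               # write n-1 as d * 2^r
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False            # a is a witness that n is composite
    return True


def dh_params_check(p: int, g: int, q: Optional[int] = None) -> List[str]:
    """Return the problems found with (p, g[, q]); an empty list means OK."""
    problems = []
    if not is_probable_prime(p):
        problems.append("p is not prime")
    if q is None:
        # No q supplied: require a safe prime, so the only subgroups of the
        # multiplicative group are of order 2 and (p-1)/2.
        if not is_probable_prime((p - 1) // 2):
            problems.append("p is not a safe prime")
    else:
        if not is_probable_prime(q):
            problems.append("q is not prime")
        if (p - 1) % q != 0:
            problems.append("q does not divide p-1")
        elif pow(g, q, p) != 1:     # g must lie in the order-q subgroup
            problems.append("g does not generate the order-q subgroup")
    if g <= 1 or g >= p - 1:        # excludes the trivial and order-2 elements
        problems.append("generator out of range")
    return problems
```

With p = 23, g = 5 the check passes, while p = 21 (composite) or g = 22 (= p-1, order 2) is reported; with an explicit q = 11, g = 2 passes but g = 5 is rejected because it generates the full group rather than the order-q subgroup.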
Showing 5 changed files with 23 additions and 2 deletions.