Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Limit key checks in the decoder fuzzer #24049

Closed
wants to merge 2 commits into from
Closed

Limit key checks in the decoder fuzzer #24049

wants to merge 2 commits into from

Conversation

t8m
Copy link
Member

@t8m t8m commented Apr 5, 2024

In particular the DH safe prime check will be limited to 8192 bits and the private and pairwise checks are limited to 16384 bits on any key types.

Checklist
  • documentation is added or updated

t8m added 2 commits April 5, 2024 16:29
@t8m
fuzz/decoder.c: Limit the key sizes on which checks are run
8327465 
In particular the DH safe prime check will be limited to 8192 bits
and the private and pairwise checks are limited to 16384 bits on
any key types.
@t8m
Document that private and pairwise checks are not bounded by key size
a3a905b
@t8m t8m added branch: master Merge to master branch approval: review pending This pull request needs review by a committer approval: otc review pending This pull request needs review by an OTC member triaged: bug The issue/pr is/fixes a bug triaged: documentation The issue/pr deals with documentation (errors) branch: 3.0 Merge to openssl-3.0 branch branch: 3.1 Merge to openssl-3.1 tests: exempted The PR is exempt from requirements for testing branch: 3.2 Merge to openssl-3.2 branch: 3.3 Merge to openssl-3.3 labels Apr 5, 2024
@t8m t8m requested a review from kroeckx April 5, 2024 14:33
@t8m t8m mentioned this pull request Apr 5, 2024
Closed
@nhorman nhorman removed their assignment Apr 5, 2024
@slontis slontis removed the approval: otc review pending This pull request needs review by an OTC member label Apr 8, 2024
@t8m t8m added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Apr 8, 2024
@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Apr 9, 2024
@openssl-machine
Copy link
Collaborator

This pull request is ready to merge

openssl-machine pushed a commit that referenced this pull request Apr 10, 2024
@t8m
fuzz/decoder.c: Limit the key sizes on which checks are run
297312b 
In particular the DH safe prime check will be limited to 8192 bits
and the private and pairwise checks are limited to 16384 bits on
any key types.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #24049)

(cherry picked from commit 9fc61ba)
openssl-machine pushed a commit that referenced this pull request Apr 10, 2024
@t8m
Document that private and pairwise checks are not bounded by key size
bade67d 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #24049)

(cherry picked from commit 27005ce)
openssl-machine pushed a commit that referenced this pull request Apr 10, 2024
@t8m
fuzz/decoder.c: Limit the key sizes on which checks are run
9fc61ba 
In particular the DH safe prime check will be limited to 8192 bits
and the private and pairwise checks are limited to 16384 bits on
any key types.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #24049)
openssl-machine pushed a commit that referenced this pull request Apr 10, 2024
@t8m
Document that private and pairwise checks are not bounded by key size
27005ce 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #24049)
openssl-machine pushed a commit that referenced this pull request Apr 10, 2024
@t8m
fuzz/decoder.c: Limit the key sizes on which checks are run
5309311 
In particular the DH safe prime check will be limited to 8192 bits
and the private and pairwise checks are limited to 16384 bits on
any key types.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #24049)

(cherry picked from commit 9fc61ba)
openssl-machine pushed a commit that referenced this pull request Apr 10, 2024
@t8m
Document that private and pairwise checks are not bounded by key size
249a713 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #24049)

(cherry picked from commit 27005ce)
openssl-machine pushed a commit that referenced this pull request Apr 10, 2024
@t8m
Document that private and pairwise checks are not bounded by key size
9ed416b 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #24049)

(cherry picked from commit 27005ce)
@t8m
Copy link
Member Author

t8m commented Apr 10, 2024

Merged to all the active branches. (in 3.1 and 3.0 only the documentation improvement as the fuzz test is not there) Thank you for the reviews.

@t8m t8m closed this Apr 10, 2024
openssl-machine pushed a commit that referenced this pull request Apr 10, 2024
@t8m
Document that private and pairwise checks are not bounded by key size
2be64a7 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from #24049)

(cherry picked from commit 27005ce)
@t8m t8m mentioned this pull request Apr 12, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nhorman nhorman nhorman approved these changes

@slontis slontis slontis approved these changes

@kroeckx kroeckx Awaiting requested review from kroeckx

Assignees
No one assigned
Labels
approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Merge to master branch branch: 3.0 Merge to openssl-3.0 branch branch: 3.1 Merge to openssl-3.1 branch: 3.2 Merge to openssl-3.2 branch: 3.3 Merge to openssl-3.3 tests: exempted The PR is exempt from requirements for testing triaged: bug The issue/pr is/fixes a bug triaged: documentation The issue/pr deals with documentation (errors)
Projects
Project Board
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@t8m @openssl-machine @nhorman @slontis