[openssl/openssl] da343d: Check DSA parameters for excessive sizes before va...

Thu, 16 May 2024 06:49:15 -0700 

  Branch: refs/heads/openssl-3.2
  Home:   https://github.com/openssl/openssl
  Commit: da343d0605c826ef197aceedc67e8e04f065f740
      
https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740
  Author: Tomas Mraz <to...@openssl.org>
  Date:   2024-05-16 (Thu, 16 May 2024)

  Changed paths:
    M CHANGES.md
    M crypto/dsa/dsa_check.c
    A test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem

  Log Message:
  -----------
  Check DSA parameters for excessive sizes before validating

This avoids overly long computation of various validation
checks.

Fixes CVE-2024-4603

Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Matt Caswell <m...@openssl.org>
Reviewed-by: Neil Horman <nhor...@openssl.org>
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24346)

(cherry picked from commit 85ccbab216da245cf9a6503dd327072f21950d9b)



To unsubscribe from these emails, change your notification settings at 
https://github.com/openssl/openssl/settings/notifications

Reply via email to