> Is there really no use of LHASH tables in OpenSSL where an attacker
> attempting a DoS attack can control the contents of the tables?

The only use of LHASH is in SSL_SESSION and X509_NAME, which use their own 
hashing functions, and are only used after the session and/or certs have been 
cryptographically verified.

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to