CVSROOT:        /cvs
Module name:    src
Changes by:     t...@cvs.openbsd.org    2019/04/13 12:42:23

Modified files:
        lib/libcrypto/x509v3: v3_utl.c 

Log message:
Avoid quadratic behavior of decimal BIGNUM conversion

The complexity of BN_bn2dec(bn) is quadratic in the length of bn.  This
function is used for printing numbers in CRLs which are typically small.
If a BN is larger than 127 bits, dump it as hex because that's cheap and
for numbers this size not significantly harder for humans to parse.

OpenSSL commit 10a3195fcf7d04ba519651cf12e945a8fe470a3c by David Benjamin
(still under the old licence), but significantly simplified.

Ideally, we would catch excessively large numbers on deserialization, but
that is made trickier by the templated ASN1.  Erroring out is also not an
option since the relevant part of the x509v3/ directory doesn't like to
do proper error checking (looking at you v2i and i2v).

Timeout found by oss-fuzz, should fix issues #13823 and #14130.

input & ok jsing
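As an added illustration (not OpenBSD's or OpenSSL's code), the same display policy in Python: a DER-encoded ASN.1 INTEGER, as carried in a CRL's crlNumber or serialNumber, is decoded and then printed in decimal only when it fits in 127 bits, and as 0x-prefixed hex otherwise, so the conversion cost stays linear in the input size. The helper names and the 127-bit default are assumptions made for this example.

```python
# Added example mimicking the post-commit libcrypto behaviour; not the
# project's own code. Helper names here are hypothetical.

def der_integer_to_int(der: bytes) -> int:
    """Decode one DER INTEGER TLV (tag 0x02, short- or long-form length)."""
    if len(der) < 3 or der[0] != 0x02:
        raise ValueError("not an ASN.1 INTEGER")
    length = der[1]
    offset = 2
    if length & 0x80:                       # long-form length: 0x8n + n bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(der[2:2 + n], "big")
        offset = 2 + n
    body = der[offset:offset + length]
    if length == 0 or len(body) != length:
        raise ValueError("truncated INTEGER")
    # DER INTEGER content is big-endian two's complement.
    return int.from_bytes(body, "big", signed=True)


def int_to_display(value: int, max_dec_bits: int = 127) -> str:
    """Decimal when the magnitude fits in max_dec_bits, else '0x' hex.

    Decimal conversion is quadratic in the bit length; hex is linear, so
    large values (e.g. a fuzzer-supplied 10 000-byte serial) stay cheap.
    Negative values get a '-' prefix in both forms, as libcrypto does.
    """
    magnitude = abs(value)
    sign = "-" if value < 0 else ""
    if magnitude.bit_length() <= max_dec_bits:
        return sign + str(magnitude)
    return sign + "0x" + format(magnitude, "X")


def der_integer_to_display(der: bytes) -> str:
    """Decode a DER INTEGER and format it for human-readable CRL/X.509 output."""
    return int_to_display(der_integer_to_int(der))
```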
