]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 59c415a)
fuzz/decoder.c: Lower the limits on key checks
authorTomas Mraz <tomas@openssl.org>
Tue, 2 Jul 2024 13:36:03 +0000 (15:36 +0200)
committerNeil Horman <nhorman@openssl.org>
Fri, 5 Jul 2024 11:45:53 +0000 (07:45 -0400)
These checks still take too long time on clusterfuzz
so they are longer than the timeout limit.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/24781)

fuzz/decoder.c patch | blob | blame | history

diff --git a/fuzz/decoder.c b/fuzz/decoder.c
index 4888c5cd40e46ba5972665aee6a744c40685722b..f8758d5e344e38d4caee3f81a0dac7e6823aa502 100644 (file)
--- a/fuzz/decoder.c
+++ b/fuzz/decoder.c
@@ -69,12 +69,12 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
          * Skip it.
          */
         if ((!EVP_PKEY_is_a(pkey, "DH") && !EVP_PKEY_is_a(pkey, "DHX"))
-            || EVP_PKEY_get_bits(pkey) <= 8192)
+            || EVP_PKEY_get_bits(pkey) <= 2048)
             EVP_PKEY_param_check(ctx);
 
         EVP_PKEY_public_check(ctx);
         /* Private and pairwise checks are unbounded, skip for large keys. */
-        if (EVP_PKEY_get_bits(pkey) <= 16384) {
+        if (EVP_PKEY_get_bits(pkey) <= 4096) {
             EVP_PKEY_private_check(ctx);
             EVP_PKEY_pairwise_check(ctx);
         }
Mirror of https://github.com/openssl/openssl.git