boringssl/crypto
David Benjamin cd24a39f1b Limit DHE groups to 4096-bit.
dh.c had a 10k-bit limit but it wasn't quite correctly enforced. However,
that's still 1.12s of jank on the IO thread, which is too long. Since the SSL
code consumes DHE groups from the network, it should be responsible for
enforcing what sanity it needs on them.

Costs of various bit lengths on 2013 Macbook Air:
1024 - 1.4ms
2048 - 14ms
3072 - 24ms
4096 - 55ms
5000 - 160ms
10000 - 1.12s

UMA says that DHE groups are 0.2% 4096-bit and otherwise are 5.5% 2048-bit and
94% 1024-bit and some noise. Set the limit to 4096-bit to be conservative,
although that's already quite a lot of jank.

BUG=554295

Change-Id: I8e167748a67e4e1adfb62d73dfff094abfa7d215
Reviewed-on: https://boringssl-review.googlesource.com/6464
Reviewed-by: Adam Langley <agl@google.com>
2015-11-11 22:18:39 +00:00
aes Fix the shared builders by exporting GCM symbols. 2015-10-26 23:26:40 +00:00
asn1 Fix several warnings that arise in Android. 2015-10-30 21:11:48 +00:00
base64 Add a run_tests target to run all tests. 2015-10-26 20:33:44 +00:00
bio Don't bother sampling __func__. 2015-11-03 22:50:59 +00:00
bn Add AArch64 Montgomery assembly. 2015-11-10 19:13:46 +00:00
buf Make |BUF_memdup| look for zero length, not NULL. 2015-10-06 18:11:33 -07:00
bytestring Correct the spelling of "primitive". 2015-11-03 21:47:19 +00:00
chacha Change |CRYPTO_chacha_20| to use 96-bit nonces, 32-bit counters. 2015-10-26 23:58:46 +00:00
cipher Add SSL_get_ivs. 2015-11-04 19:45:28 +00:00
cmac Add a run_tests target to run all tests. 2015-10-26 20:33:44 +00:00
conf Move arm_arch.h and fix up lots of include paths. 2015-08-26 01:57:59 +00:00
des Fix shared library build on OS X. 2015-10-26 23:39:47 +00:00
dh Limit DHE groups to 4096-bit. 2015-11-11 22:18:39 +00:00
digest Improve crypto/digest/md32_common.h mechanism. 2015-11-04 00:01:09 +00:00
dsa Unwind DH_METHOD and DSA_METHOD. 2015-11-03 22:54:36 +00:00
ec Require that EC points are on the curve. 2015-11-06 19:35:42 +00:00
ecdh Clean up |ECDH_compute_key|. 2015-10-27 17:00:25 +00:00
ecdsa Add Intel's P-256 2015-11-03 22:08:47 +00:00
engine Unwind DH_METHOD and DSA_METHOD. 2015-11-03 22:54:36 +00:00
err Limit DHE groups to 4096-bit. 2015-11-11 22:18:39 +00:00
evp Fix several warnings that arise in Android. 2015-10-30 21:11:48 +00:00
hkdf Add a run_tests target to run all tests. 2015-10-26 20:33:44 +00:00
hmac Add a run_tests target to run all tests. 2015-10-26 20:33:44 +00:00
lhash Add a run_tests target to run all tests. 2015-10-26 20:33:44 +00:00
md4 Improve crypto/digest/md32_common.h mechanism. 2015-11-04 00:01:09 +00:00
md5 Improve crypto/digest/md32_common.h mechanism. 2015-11-04 00:01:09 +00:00
modes Get rid of all compiler version checks in perlasm files. 2015-10-28 19:33:04 +00:00
obj Move arm_arch.h and fix up lots of include paths. 2015-08-26 01:57:59 +00:00
pem Fix all sign/unsigned warnings with Clang and GCC. 2015-10-27 22:48:00 +00:00
perlasm Get rid of all compiler version checks in perlasm files. 2015-10-28 19:33:04 +00:00
pkcs8 Check PKCS#8 pkey field is valid before cleansing. 2015-11-09 23:06:13 +00:00
poly1305 Fix up several comments and detect problems in the future. 2015-11-05 20:12:45 +00:00
rand Change |CRYPTO_chacha_20| to use 96-bit nonces, 32-bit counters. 2015-10-26 23:58:46 +00:00
rc4 Fix a couple more signed/unsigned compares. 2015-10-27 16:07:26 -07:00
rsa Constify more BN_MONT_CTX parameters. 2015-11-06 20:04:36 +00:00
sha Allow SHA-512 unaligned data access in |OPENSSL_NO_ASM| mode. 2015-11-06 20:06:54 +00:00
stack Move arm_arch.h and fix up lots of include paths. 2015-08-26 01:57:59 +00:00
test Convert ssl3_send_client_hello to CBB. 2015-10-20 17:56:19 +00:00
x509 Fix all sign/unsigned warnings with Clang and GCC. 2015-10-27 22:48:00 +00:00
x509v3 Fix several warnings that arise in Android. 2015-10-30 21:11:48 +00:00
CMakeLists.txt Add a run_tests target to run all tests. 2015-10-26 20:33:44 +00:00
constant_time_test.c
cpu-arm-asm.S Don't probe for NEON with SIGILL on aarch64. 2015-02-03 19:56:25 +00:00
cpu-arm.c Allow ARM capabilities to be set at compile time. 2015-10-20 22:40:15 +00:00
cpu-intel.c Surround immintrin.h includes with warning pragmas. 2015-07-20 20:08:26 +00:00
crypto.c Add no-op functions |CRYPTO_malloc_init| and |ENGINE_load_builtin_engines|. 2015-10-27 16:41:40 +00:00
directory_posix.c Eliminate unnecessary includes from low-level crypto modules. 2015-04-13 20:49:18 +00:00
directory_win.c Eliminate unnecessary includes from low-level crypto modules. 2015-04-13 20:49:18 +00:00
directory.h
ex_data.c Reserve ex_data index zero for app_data. 2015-07-20 16:56:34 +00:00
header_removed.h
internal.h Buffer reads of urandom, if you promise no forking. 2015-09-09 01:02:54 +00:00
mem.c Fix some typos in license headers. 2015-07-29 19:23:51 +00:00
refcount_c11.c Cast refcounts to _Atomic before use. 2015-05-20 13:39:22 -07:00
refcount_lock.c Add infrastructure for reference counts. 2015-05-20 19:14:59 +00:00
refcount_test.c Specify argc and argv arguments to refcount_test:main. 2015-05-20 13:49:41 -07:00
thread_none.c Support Trusty, an embedded platform. 2015-05-08 18:34:55 +00:00
thread_pthread.c Support Trusty, an embedded platform. 2015-05-08 18:34:55 +00:00
thread_test.c Use the correct case for Windows headers. 2015-06-09 21:38:04 +00:00
thread_win.c Support Trusty, an embedded platform. 2015-05-08 18:34:55 +00:00
thread.c Remove leftovers of the old-style locks. 2015-05-20 19:18:44 +00:00
time_support.c Eliminate unnecessary includes from low-level crypto modules. 2015-04-13 20:49:18 +00:00