boringssl/ssl
David Benjamin cd24a39f1b Limit DHE groups to 4096-bit.
dh.c had a 10k-bit limit but it wasn't quite correctly enforced. However,
that's still 1.12s of jank on the IO thread, which is too long. Since the SSL
code consumes DHE groups from the network, it should be responsible for
enforcing what sanity it needs on them.

Costs of various bit lengths on 2013 MacBook Air:
1024 - 1.4ms
2048 - 14ms
3072 - 24ms
4096 - 55ms
5000 - 160ms
10000 - 1.12s

UMA says that DHE groups are 0.2% 4096-bit and otherwise are 5.5% 2048-bit and
94% 1024-bit and some noise. Set the limit to 4096-bit to be conservative,
although that's already quite a lot of jank.

BUG=554295

Change-Id: I8e167748a67e4e1adfb62d73dfff094abfa7d215
Reviewed-on: https://boringssl-review.googlesource.com/6464
Reviewed-by: Adam Langley <agl@google.com>
2015-11-11 22:18:39 +00:00
pqueue Add a run_tests target to run all tests. 2015-10-26 20:33:44 +00:00
test Limit DHE groups to 4096-bit. 2015-11-11 22:18:39 +00:00
CMakeLists.txt Fix shared library build on OS X. 2015-10-26 23:39:47 +00:00
custom_extensions.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
d1_both.c Rewrite DTLS handshake message sending logic. 2015-11-06 21:43:32 +00:00
d1_clnt.c Add missing state to DTLS state machine. 2015-11-06 20:34:48 +00:00
d1_lib.c Separate CCS and handshake writing in DTLS. 2015-11-04 00:11:14 +00:00
d1_meth.c Ditch remaining filename comments from public headers and ssl/ 2015-10-20 18:40:05 +00:00
d1_pkt.c Don't use ssl3_write_pending in DTLS. 2015-11-02 23:17:24 +00:00
d1_srtp.c Fix a missing initializer that only Clang warns about. 2015-10-30 17:24:03 -07:00
d1_srvr.c Add server-side support for asynchronous RSA decryption. 2015-10-26 20:26:20 +00:00
dtls_record.c Reject empty records of unexpected type. 2015-08-28 22:03:00 +00:00
internal.h Add SSL_get_server_key_exchange_hash. 2015-11-06 22:35:28 +00:00
s3_both.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
s3_clnt.c Limit DHE groups to 4096-bit. 2015-11-11 22:18:39 +00:00
s3_enc.c Change some "int" variables to "size_t" in ssl3_handshake_mac(). 2015-09-24 00:04:59 +00:00
s3_lib.c Add SSL_CIPHER_get_min_version and tidy up SSL_TLSV1_2 logic. 2015-11-06 19:56:29 +00:00
s3_meth.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
s3_pkt.c Add ssl_renegotiate_ignore. 2015-11-03 21:58:13 +00:00
s3_srvr.c Add SSL_get_server_key_exchange_hash. 2015-11-06 22:35:28 +00:00
ssl_aead_ctx.c Revert most of "Refactor ChaCha20-Poly1305 AEAD nonce handling." 2015-10-29 18:40:33 +00:00
ssl_asn1.c Fix all sign/unsigned warnings with Clang and GCC. 2015-10-27 22:48:00 +00:00
ssl_buffer.c Fix DTLS asynchronous write handling. 2015-11-02 23:16:22 +00:00
ssl_cert.c Document certificate verification functions in SSL. 2015-09-23 23:31:18 +00:00
ssl_cipher.c Add various functions for SSL_CIPHER. 2015-11-06 19:26:22 +00:00
ssl_file.c More SSL_SESSION serialization functions. 2015-10-26 17:57:50 +00:00
ssl_lib.c Fix build. 2015-11-06 22:58:14 +00:00
ssl_rsa.c Add server-side support for asynchronous RSA decryption. 2015-10-26 20:26:20 +00:00
ssl_session.c Tidy up SSL_CTX_add_session. 2015-10-26 19:22:40 +00:00
ssl_stat.c Document alert handling. 2015-10-20 19:03:24 +00:00
ssl_test.cc Refactor ChaCha20-Poly1305 AEAD nonce handling. 2015-10-27 01:01:42 +00:00
t1_enc.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
t1_lib.c Move curve check out of tls12_check_peer_sigalg. 2015-11-11 22:15:16 +00:00
tls_record.c Add use counters for SSL_OP_TLS_D5_BUG and SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER. 2015-10-20 18:22:47 +00:00