)]}' { "commit": "3fd8220e3c88365627ecd1af7c29f5096ff9cefd", "tree": "b9e19bacddeaf5c2e1e08cb26e94d3cebbb0342f", "parents": [ "913c14be725d9c9081b24ba1a2b81d14a3e8a179" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Sat Jul 05 21:34:16 2025 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Jul 07 11:34:32 2025 -0700" }, "message": "Drop the RSA, DSA, and DH DoS limits to 8,192 bits\n\nRSA-8192 is already too big. This avoids needing to worry about\nbn_mul_mont allocating more than a page of stack memory, makes it a lot\nmore comfortable to just stack-allocate all Montgomery temporaries.\n\nAlso RSA operations scale quadratically or cubicly. For reference, on my\nmachine:\n\nDid 1638 RSA 2048 signing operations in 1015740us (1612.6 ops/sec)\nDid 82000 RSA 2048 verify (same key) operations in 1000238us (81980.5 ops/sec)\nDid 70000 RSA 2048 verify (fresh key) operations in 1001850us (69870.7 ops/sec)\nDid 13580 RSA 2048 private key parse operations in 1013849us (13394.5 ops/sec)\n\nDid 611 RSA 3072 signing operations in 1038497us (588.4 ops/sec)\nDid 39000 RSA 3072 verify (same key) operations in 1009250us (38642.6 ops/sec)\nDid 34000 RSA 3072 verify (fresh key) operations in 1005116us (33826.9 ops/sec)\nDid 7799 RSA 3072 private key parse operations in 1016058us (7675.7 ops/sec)\n\nDid 276 RSA 4096 signing operations in 1008941us (273.6 ops/sec)\nDid 23000 RSA 4096 verify (same key) operations in 1029290us (22345.5 ops/sec)\nDid 20000 RSA 4096 verify (fresh key) operations in 1006214us (19876.5 ops/sec)\nDid 5137 RSA 4096 private key parse operations in 1001233us (5130.7 ops/sec)\n\nDid 39 RSA 8192 signing operations in 1012397us (38.5 ops/sec)\nDid 6039 RSA 8192 verify (same key) operations in 1061168us (5690.9 ops/sec)\nDid 5181 RSA 8192 verify (fresh key) operations in 1000616us (5177.8 ops/sec)\nDid 1749 RSA 8192 private key parse operations in 1074560us (1627.6 ops/sec)\n\nDid 6 RSA 16834 signing operations in 1147874us (5.2 ops/sec)\nDid 1562 RSA 16834 verify (same key) operations in 1086732us (1437.3 ops/sec)\nDid 1386 RSA 16834 verify (fresh key) operations in 1057798us (1310.3 ops/sec)\nDid 440 RSA 16834 private key parse operations in 1039747us (423.2 ops/sec)\n\nThis change removes our exposure to the last of these. Also align limits\nfor legacy DSA and DH so that Montgomery reduction can rely on this.\n\nUpdate-Note: This lowers our maximum key sizes:\n- The maximum RSA modulus size is now 8,192 bits, down from 16,384 bits\n- The maximum DSA p is now 8,192 bits, down from 10,000 bits\n- The maximum DH p is now 8,192 bits, down from 10,000 bits\n\nFixed: 402677800\nChange-Id: I52c0205af568b66a2fbc586b1c7300e13a47c7ab\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/80287\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "39ed1199eba02ded0c5b16d41f308e0e76eadb3b", "old_mode": 33188, "old_path": "build.json", "new_id": "dfcfc7102b505d5cb0203b277617e5ebb397e9c5", "new_mode": 33188, "new_path": "build.json" }, { "type": "modify", "old_id": "54bb514fc4835185e3d7817aca051bda343c931f", "old_mode": 33188, "old_path": "crypto/fipsmodule/bn/internal.h", "new_id": "9e54b41ab44e485178edc1a05bcbcfb0df50364a", "new_mode": 33188, "new_path": "crypto/fipsmodule/bn/internal.h" }, { "type": "modify", "old_id": "61048ea613e8b2f3c03bac853b634e9b1451c324", "old_mode": 33188, "old_path": "crypto/rsa/rsa_test.cc", "new_id": "7a65f7ab5b31256fac52b07824580ab51f0117a3", "new_mode": 33188, "new_path": "crypto/rsa/rsa_test.cc" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "fc5d71aae41c7eb54961be6155675b86d381d9d4", "new_mode": 33188, "new_path": "crypto/rsa/test/rsa511.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "204a813b6dc5fc3c3edbfe54779f520e65dbb9d9", "new_mode": 33188, "new_path": "crypto/rsa/test/rsa511pub.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "17ed85ac3adfbad8f1f5b4af473380bc521fc997", "new_mode": 33188, "new_path": "crypto/rsa/test/rsa512.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "49f8e63d9420b851f54035a057b14c7e40c4faf7", "new_mode": 33188, "new_path": "crypto/rsa/test/rsa512pub.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "397ef6f9fd040089570ad45ae04c5734b16292db", "new_mode": 33188, "new_path": "crypto/rsa/test/rsa8192.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "eec24a68c601df863df37f800e59ee00d2c4544d", "new_mode": 33188, "new_path": "crypto/rsa/test/rsa8192pub.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "7b9d0850ec99f7ae0b91473cf3d389414a3f1e7d", "new_mode": 33188, "new_path": "crypto/rsa/test/rsa8193.pem" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "864137fcb9c8592ccee3dd45d175d39c546ac4a1", "new_mode": 33188, "new_path": "crypto/rsa/test/rsa8193pub.pem" }, { "type": "modify", "old_id": "57bd2175a95b9b90f9dcba7193aed22d19bc0685", "old_mode": 33188, "old_path": "gen/sources.bzl", "new_id": "2ba9852eb4942643b60134fd70b0fe77394cced1", "new_mode": 33188, "new_path": "gen/sources.bzl" }, { "type": "modify", "old_id": "5adf810003a778e4015cba4a684bbb9a3bb5fdb9", "old_mode": 33188, "old_path": "gen/sources.cmake", "new_id": "9c1805751af50ef4a998b5462219820e86a84c9a", "new_mode": 33188, "new_path": "gen/sources.cmake" }, { "type": "modify", "old_id": "37761d85002d2e2910cf2e07f9b5e96909af25be", "old_mode": 33188, "old_path": "gen/sources.gni", "new_id": "3c57bc89f86cfab600f01248ed177d45494cdeff", "new_mode": 33188, "new_path": "gen/sources.gni" }, { "type": "modify", "old_id": "da10b20a7aa2b8a5a8fff5fc6d301fb5c6cb8ff5", "old_mode": 33188, "old_path": "gen/sources.json", "new_id": "bdd4102cc39f304dfb8e72b6dd816bac6b11a9ac", "new_mode": 33188, "new_path": "gen/sources.json" }, { "type": "modify", "old_id": "2d9339c5fd30b00cc57ffbde0b75372a0f1027dc", "old_mode": 33188, "old_path": "gen/sources.mk", "new_id": "e683dc943775a05078594b5706c8799cda7276f2", "new_mode": 33188, "new_path": "gen/sources.mk" }, { "type": "modify", "old_id": "b9287b732a96ebfb0198e8cea029c9397d59d088", "old_mode": 33188, "old_path": "include/openssl/dh.h", "new_id": "4397d0e5425d01635b983f27e997dcdcff791392", "new_mode": 33188, "new_path": "include/openssl/dh.h" }, { "type": "modify", "old_id": "9b3d20c9a28042d344ac431e0084f54db3ae7304", "old_mode": 33188, "old_path": "include/openssl/dsa.h", "new_id": "9b502861391452ef09e9eb900f5a5aff2425ce8c", "new_mode": 33188, "new_path": "include/openssl/dsa.h" }, { "type": "modify", "old_id": "833d8601b1a718f9eade479d3285a902aa9ef926", "old_mode": 33188, "old_path": "include/openssl/rsa.h", "new_id": "d948b193eb379688d82779d7517330fde351142f", "new_mode": 33188, "new_path": "include/openssl/rsa.h" } ] }