diff options
author | Matt Caswell <matt@openssl.org> | 2023-07-13 16:14:49 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-07-19 11:21:20 +0200 |
commit | 047a4c5c3284fc22f9842402ce210242d01df877 (patch) | |
tree | 7b07a326d97fe3bbcfccbc01a0673c5c05f8261b /CHANGES.md | |
parent | 4791e79b8803924b28c19af4d4036ad85335110d (diff) |
Update CHANGES/NEWS for CVE-2023-3446
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21451)
(cherry picked from commit 4ec53ad6e1791daafbe26bdbd539f2ba9172959a)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index c63551d92a..3a716ee8e2 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,6 +24,25 @@ OpenSSL 3.1 ### Changes between 3.1.1 and 3.1.2 [xx XXX xxxx] + * Fix DH_check() excessive time with over sized modulus + + The function DH_check() performs various checks on DH parameters. One of + those checks confirms that the modulus ("p" parameter) is not too large. + Trying to use a very large modulus is slow and OpenSSL will not normally use + a modulus which is over 10,000 bits in length. + + However the DH_check() function checks numerous aspects of the key or + parameters that have been supplied. Some of those checks use the supplied + modulus value even if it has already been found to be too large. + + A new limit has been added to DH_check of 32,768 bits. Supplying a + key/parameters with a modulus over this size will simply cause DH_check() to + fail. + + ([CVE-2023-3446]) + + *Matt Caswell* + * Do not ignore empty associated data entries with AES-SIV. The AES-SIV algorithm allows for authentication of multiple associated @@ -19796,6 +19815,7 @@ ndif <!-- Links --> +[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 [CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 [RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 [CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 |