diff options
author | Matt Caswell <matt@openssl.org> | 2023-07-13 16:14:49 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-07-19 11:21:36 +0200 |
commit | 1ec281fc6d40c15d41ca0f762e753743b2643d7a (patch) | |
tree | 191c03b32d28d0f4cea0d987ee63cce488821ce9 /CHANGES.md | |
parent | 8a62fd996cb1c22383ec75b4155d54dec4a1b0ee (diff) |
Update CHANGES/NEWS for CVE-2023-3446
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21451)
(cherry picked from commit 4ec53ad6e1791daafbe26bdbd539f2ba9172959a)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index 2b928c7720..89b44998ee 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -30,6 +30,25 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 3.0.9 and 3.0.10 [xx XXX xxxx] + * Fix DH_check() excessive time with over sized modulus + + The function DH_check() performs various checks on DH parameters. One of + those checks confirms that the modulus ("p" parameter) is not too large. + Trying to use a very large modulus is slow and OpenSSL will not normally use + a modulus which is over 10,000 bits in length. + + However the DH_check() function checks numerous aspects of the key or + parameters that have been supplied. Some of those checks use the supplied + modulus value even if it has already been found to be too large. + + A new limit has been added to DH_check of 32,768 bits. Supplying a + key/parameters with a modulus over this size will simply cause DH_check() to + fail. + + ([CVE-2023-3446]) + + *Matt Caswell* + * Do not ignore empty associated data entries with AES-SIV. The AES-SIV algorithm allows for authentication of multiple associated @@ -19672,6 +19691,7 @@ ndif <!-- Links --> +[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 [CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 [RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 [CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 |