diff options
author | Matt Caswell <matt@openssl.org> | 2023-07-13 16:14:49 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-07-19 11:20:05 +0200 |
commit | 4ec53ad6e1791daafbe26bdbd539f2ba9172959a (patch) | |
tree | af721520e675a684cc20de87e3a857c5928cea32 /CHANGES.md | |
parent | ede782b4c8868d1f09c9cd237f82b6f35b7dba8b (diff) |
Update CHANGES/NEWS for CVE-2023-3446
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21451)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index 6cfba54e72..28ed897231 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -286,6 +286,25 @@ OpenSSL 3.1 ### Changes between 3.1.1 and 3.1.2 [xx XXX xxxx] + * Fix DH_check() excessive time with over sized modulus + + The function DH_check() performs various checks on DH parameters. One of + those checks confirms that the modulus ("p" parameter) is not too large. + Trying to use a very large modulus is slow and OpenSSL will not normally use + a modulus which is over 10,000 bits in length. + + However the DH_check() function checks numerous aspects of the key or + parameters that have been supplied. Some of those checks use the supplied + modulus value even if it has already been found to be too large. + + A new limit has been added to DH_check of 32,768 bits. Supplying a + key/parameters with a modulus over this size will simply cause DH_check() to + fail. + + ([CVE-2023-3446]) + + *Matt Caswell* + * Do not ignore empty associated data entries with AES-SIV. The AES-SIV algorithm allows for authentication of multiple associated @@ -20031,6 +20050,7 @@ ndif <!-- Links --> +[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 [CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 [RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 [CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 |