diff options
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index 58d06ae498..ffef5c25c9 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -81,6 +81,28 @@ OpenSSL 3.2 ### Changes between 3.2.0 and 3.2.1 [xx XXX xxxx] + * When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time. + + An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack. + + The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the "-pubin" and "-check" options on untrusted data. + + To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will + now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason. + + ([CVE-2023-6237]) + + *Tomáš Mráz* + * Restore the encoding of SM2 PrivateKeyInfo and SubjectPublicKeyInfo to have the contained AlgorithmIdentifier.algorithm set to id-ecPublicKey rather than SM2. @@ -20412,6 +20434,7 @@ ndif <!-- Links --> +[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 [CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 [CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 |