summaryrefslogtreecommitdiffstats
path: root/CHANGES.md
diff options
context:
space:
mode:
Diffstat (limited to 'CHANGES.md')
-rw-r--r--CHANGES.md23
1 files changed, 23 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 58d06ae498..ffef5c25c9 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -81,6 +81,28 @@ OpenSSL 3.2
### Changes between 3.2.0 and 3.2.1 [xx XXX xxxx]
+ * When function EVP_PKEY_public_check() is called on RSA public keys,
+ a computation is done to confirm that the RSA modulus, n, is composite.
+ For valid RSA keys, n is a product of two or more large primes and this
+ computation completes quickly. However, if n is an overly large prime,
+ then this computation would take a long time.
+
+ An application that calls EVP_PKEY_public_check() and supplies an RSA key
+ obtained from an untrusted source could be vulnerable to a Denial of Service
+ attack.
+
+ The function EVP_PKEY_public_check() is not called from other OpenSSL
+ functions however it is called from the OpenSSL pkey command line
+ application. For that reason that application is also vulnerable if used
+ with the "-pubin" and "-check" options on untrusted data.
+
+ To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will
+ now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason.
+
+ ([CVE-2023-6237])
+
+ *Tomáš Mráz*
+
* Restore the encoding of SM2 PrivateKeyInfo and SubjectPublicKeyInfo to
have the contained AlgorithmIdentifier.algorithm set to id-ecPublicKey
rather than SM2.
@@ -20412,6 +20434,7 @@ ndif
<!-- Links -->
+[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363