openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Update CHANGES/NEWS for CVE-2023-3446 

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21451)
This commit is contained in:
Matt Caswell 2023-07-13 16:14:49 +01:00 committed by Tomas Mraz
parent ede782b4c8
commit 4ec53ad6e1
2 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CHANGES.md
View File

@ -286,6 +286,25 @@ OpenSSL 3.1
### Changes between 3.1.1 and 3.1.2 [xx XXX xxxx]
* Fix DH_check() excessive time with over sized modulus
The function DH_check() performs various checks on DH parameters. One of
those checks confirms that the modulus ("p" parameter) is not too large.
Trying to use a very large modulus is slow and OpenSSL will not normally use
a modulus which is over 10,000 bits in length.
However the DH_check() function checks numerous aspects of the key or
parameters that have been supplied. Some of those checks use the supplied
modulus value even if it has already been found to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying a
key/parameters with a modulus over this size will simply cause DH_check() to
fail.
([CVE-2023-3446])
*Matt Caswell*
* Do not ignore empty associated data entries with AES-SIV.
The AES-SIV algorithm allows for authentication of multiple associated
@ -20031,6 +20050,7 @@ ndif
<!-- Links -->
[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650

2
NEWS.md
View File

@ -39,6 +39,7 @@ OpenSSL 3.1
### Major changes between OpenSSL 3.1.1 and OpenSSL 3.1.2 [under development]
* Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446])
* Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975])
* When building with the `enable-fips` option and using the resulting
FIPS provider, TLS 1.2 will, by default, mandate the use of an
@ -1480,6 +1481,7 @@ OpenSSL 0.9.x
<!-- Links -->
[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255