Update CHANGES/NEWS for CVE-2023-3446

Reviewed-by: N Paul Dale <pauli@openssl.org> Reviewed-by: N Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: N Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: N Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21451) (cherry picked from commit 4ec53ad6e1791daafbe26bdbd539f2ba9172959a) Signed-off-by: N code4lala <fengziteng2@huawei.com>

Update CHANGES/NEWS for CVE-2023-3446
Reviewed-by: N Paul Dale <pauli@openssl.org> Reviewed-by: N Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: N Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: N Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21451) (cherry picked from commit 4ec53ad6e1791daafbe26bdbd539f2ba9172959a) Signed-off-by: N code4lala <fengziteng2@huawei.com>
64928fc2 · Matt Caswell · code4lala · 9a81b024 · 64928fc2 · 64928fc2
显示空白变更内容
内联并排

Showing with 22 addition and 0 deletion

CHANGES.md CHANGES.md +20 -0

NEWS.md NEWS.md +2 -0

未找到文件。
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -28,6 +28,25 @@ breaking changes, and mappings for the large list of deprecated functions.

 [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod

+ * Fix DH_check() excessive time with over sized modulus
+
+   The function DH_check() performs various checks on DH parameters. One of
+   those checks confirms that the modulus ("p" parameter) is not too large.
+   Trying to use a very large modulus is slow and OpenSSL will not normally use
+   a modulus which is over 10,000 bits in length.
+
+   However the DH_check() function checks numerous aspects of the key or
+   parameters that have been supplied. Some of those checks use the supplied
+   modulus value even if it has already been found to be too large.
+
+   A new limit has been added to DH_check of 32,768 bits. Supplying a
+   key/parameters with a modulus over this size will simply cause DH_check() to
+   fail.
+
+   ([CVE-2023-3446])
+
+   *Matt Caswell*
+
 * Do not ignore empty associated data entries with AES-SIV.

   The AES-SIV algorithm allows for authentication of multiple associated
@@ -19495,6 +19514,7 @@ ndif

 <!-- Links -->

+[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
 [CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
 [CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
 [CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466

--- a/NEWS.md
+++ b/NEWS.md
@@ -17,6 +17,7 @@ OpenSSL Releases

 OpenSSL 3.0
 -----------
+  * Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446])
  * Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975])
  * Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT
    IDENTIFIER sub-identities.  ([CVE-2023-2650])
@@ -1425,6 +1426,7 @@ OpenSSL 0.9.x

 <!-- Links -->

+[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
 [CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
 [CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
 [CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466