From 96f1baaaa7b607ad4721b7ff9730c62dc6192552 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 13 Jul 2023 16:14:49 +0100
Subject: [PATCH] Update CHANGES/NEWS for CVE-2023-3446

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21452)

Signed-off-by: code4lala <fengziteng2@huawei.com>
---
 CHANGES | 16 ++++++++++++++++
 NEWS    |  1 +
 2 files changed, 17 insertions(+)

diff --git a/CHANGES b/CHANGES
index 79a7f04378..49d3dc3a5d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,22 @@
  For a full list of changes, see the git commit log; for example,
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
+ *) Fix DH_check() excessive time with over sized modulus
+
+    The function DH_check() performs various checks on DH parameters. One of
+    those checks confirms that the modulus ("p" parameter) is not too large.
+    Trying to use a very large modulus is slow and OpenSSL will not normally use
+    a modulus which is over 10,000 bits in length.
+
+    However the DH_check() function checks numerous aspects of the key or
+    parameters that have been supplied. Some of those checks use the supplied
+    modulus value even if it has already been found to be too large.
+
+    A new limit has been added to DH_check of 32,768 bits. Supplying a
+    key/parameters with a modulus over this size will simply cause DH_check()
+    to fail.
+    (CVE-2023-3446)
+    [Matt Caswell]
 
   *) Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
      OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
diff --git a/NEWS b/NEWS
index eb2d6f9df9..cfffa3b5b7 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,7 @@
 
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
+      o Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
       o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
       o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic
         OBJECT IDENTIFIER sub-identities.  (CVE-2023-2650)
-- 
GitLab