zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add CHANGES.md and NEWS.md entries for CVE-2023-6237

Browse Source 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
This commit is contained in:
Tomas Mraz 2024-01-09 18:08:22 +01:00
parent e09fc1d746
commit 38b2508f63
2 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
CHANGES.md
View File

@ -81,6 +81,28 @@ OpenSSL 3.2
### Changes between 3.2.0 and 3.2.1 [xx XXX xxxx] ### Changes between 3.2.0 and 3.2.1 [xx XXX xxxx]
* When function EVP_PKEY_public_check() is called on RSA public keys,
a computation is done to confirm that the RSA modulus, n, is composite.
For valid RSA keys, n is a product of two or more large primes and this
computation completes quickly. However, if n is an overly large prime,
then this computation would take a long time.
An application that calls EVP_PKEY_public_check() and supplies an RSA key
obtained from an untrusted source could be vulnerable to a Denial of Service
attack.
The function EVP_PKEY_public_check() is not called from other OpenSSL
functions however it is called from the OpenSSL pkey command line
application. For that reason that application is also vulnerable if used
with the "-pubin" and "-check" options on untrusted data.
To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will
now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason.
([CVE-2023-6237])
*Tomáš Mráz*
* Restore the encoding of SM2 PrivateKeyInfo and SubjectPublicKeyInfo to * Restore the encoding of SM2 PrivateKeyInfo and SubjectPublicKeyInfo to
have the contained AlgorithmIdentifier.algorithm set to id-ecPublicKey have the contained AlgorithmIdentifier.algorithm set to id-ecPublicKey
rather than SM2. rather than SM2.
@ -20412,6 +20434,7 @@ ndif
<!-- Links --> <!-- Links -->
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 [CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 [CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363

6
NEWS.md
View File

@ -31,7 +31,10 @@ OpenSSL 3.2
### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [under development] ### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [under development]
* Fix POLY1305 MAC implementation corrupting vector registers on PowerPC * Fixed Excessive time spent checking invalid RSA public keys
([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
CPUs which support PowerISA 2.07 CPUs which support PowerISA 2.07
([CVE-2023-6129]) ([CVE-2023-6129])
@ -1582,6 +1585,7 @@ OpenSSL 0.9.x
<!-- Links --> <!-- Links -->
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 [CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 [CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363