Changes between 1.1.1u and 1.1.1v [xx XXX xxxx]
+ *) Fix excessive time spent checking DH q parameter value.
+
+ The function DH_check() performs various checks on DH parameters. After
+ fixing CVE-2023-3446 it was discovered that a large q parameter value can
+ also trigger an overly long computation during some of these checks.
+ A correct q value, if present, cannot be larger than the modulus p
+ parameter, thus it is unnecessary to perform these checks if q is larger
+ than p.
+
+ If DH_check() is called with such q parameter value,
+ DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally
+ intensive checks are skipped.
+
+ (CVE-2023-3817)
+ [Tomáš Mráz]
+
*) Fix DH_check() excessive time with over sized modulus
The function DH_check() performs various checks on DH parameters. One of
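Review bot: In the second paragraph of the new CHANGES entry, "DH_CHECK_INVALID_Q_VALUE return flag is set" reads as if the flag were the function's return value, while DH_check() reports its findings through the check-codes output argument. Wording such as "the DH_CHECK_INVALID_Q_VALUE flag is set in the returned check codes" would tell callers where to look. The same sentence also needs an article: "called with such a q parameter value". The first paragraph only covers q larger than p, so it would help to state explicitly that the remaining checks still run when q is present and not larger than p.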
Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [under development]
+ o Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
o Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023]
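Review bot: The added NEWS line, "Fix excessive time spent checking DH q parameter value (CVE-2023-3817)", does not name the affected function, whereas the existing line just below it does ("Fix DH_check() excessive time with over sized modulus"). Naming DH_check() here as well, for example "Fix DH_check() excessive time with over sized q parameter value", would keep the two related entries parallel. It would also let readers scanning NEWS see that both CVEs concern the same call.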