Changes between 1.1.1m and 1.1.1n [xx XXX xxxx]
+ *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
+ for non-prime moduli.
+
+ Internally this function is used when parsing certificates that contain
+ elliptic curve public keys in compressed form or explicit elliptic curve
+ parameters with a base point encoded in compressed form.
+
+ It is possible to trigger the infinite loop by crafting a certificate that
+ has invalid explicit curve parameters.
+
+ Since certificate parsing happens prior to verification of the certificate
+ signature, any process that parses an externally supplied certificate may
+ thus be subject to a denial of service attack. The infinite loop can also
+ be reached when parsing crafted private keys as they can contain explicit
+ elliptic curve parameters.
+
+ Thus vulnerable situations include:
+
+ - TLS clients consuming server certificates
+ - TLS servers consuming client certificates
+ - Hosting providers taking certificates or private keys from customers
+ - Certificate authorities parsing certification requests from subscribers
+ - Anything else which parses ASN.1 elliptic curve parameters
+
+ Also any other applications that use the BN_mod_sqrt() where the attacker
+ can control the parameter values are vulnerable to this DoS issue.
+ (CVE-2022-0778)
+ [Tomáš Mráz]
+
*) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
to the list of ciphersuites providing Perfect Forward Secrecy as
required by SECLEVEL >= 3.
Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [under development]
- o
+ o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
+ forever for non-prime moduli ([CVE-2022-0778])
Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021]
projects / thirdparty / openssl.git / commitdiff
