From: Matt Caswell <matt@openssl.org>
Date: Thu, 13 Jul 2023 15:14:49 +0000 (+0100)
Subject: Update CHANGES/NEWS for CVE-2023-3446
X-Git-Tag: OpenSSL_1_1_1v~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97b4f2b515ffd3ce91c6d5cd6d04614a4a15d7df;p=thirdparty%2Fopenssl.git

Update CHANGES/NEWS for CVE-2023-3446

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21452)
---

diff --git a/CHANGES b/CHANGES
index c71bc9a139e..98146477463 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,7 +9,22 @@
 
  Changes between 1.1.1u and 1.1.1v [xx XXX xxxx]
 
- *)
+ *) Fix DH_check() excessive time with over sized modulus
+
+    The function DH_check() performs various checks on DH parameters. One of
+    those checks confirms that the modulus ("p" parameter) is not too large.
+    Trying to use a very large modulus is slow and OpenSSL will not normally use
+    a modulus which is over 10,000 bits in length.
+
+    However the DH_check() function checks numerous aspects of the key or
+    parameters that have been supplied. Some of those checks use the supplied
+    modulus value even if it has already been found to be too large.
+
+    A new limit has been added to DH_check of 32,768 bits. Supplying a
+    key/parameters with a modulus over this size will simply cause DH_check()
+    to fail.
+    (CVE-2023-3446)
+    [Matt Caswell]
 
  Changes between 1.1.1t and 1.1.1u [30 May 2023]
 
diff --git a/NEWS b/NEWS
index b85cba4d983..18db142bcde 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,7 @@
 
   Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [under development]
 
-      o
+      o Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
 
   Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023]