Update CHANGES/NEWS for CVE-2023-3446

mattcaswell · Jul 13, 2023 · 12c62ac · 12c62ac
1 parent d59937a
commit 12c62ac
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 2 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -284,7 +284,27 @@ OpenSSL 3.2
 OpenSSL 3.1
 -----------
 
-### Changes between 3.1.0 and 3.1.1 [xx XXX xxxx]
+### Changes between 3.1.1 and 3.1.2 [xx XXX xxxx]
+
+ * Fix DH_check() excessive time with over sized modulus
+
+  The function DH_check() performs various checks on DH parameters. One of those
+  checks confirms that the modulus ("p" parameter) is not too large. Trying to use
+  a very large modulus is slow and OpenSSL will not normally use a modulus which
+  is over 10,000 bits in length.
+
+  However the DH_check() function checks numerous aspects of the key or parameters
+  that have been supplied. Some of those checks use the supplied modulus value
+  even if it has already been found to be too large.
+
+  A new limit has been added to DH_check of 32,768 bits. Supply a key/parameters
+  with a modulus over this size will simply cause DH_check() to fail.
+
+  ([CVE-2023-3446])
+
+   *Matt Caswell*
+
+### Changes between 3.1.0 and 3.1.1 [30 May 2023]
 
  * Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
    OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
@@ -20002,6 +20022,7 @@ ndif
 
 <!-- Links -->
 
+[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
 [RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
 [CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
 [CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255

diff --git a/NEWS.md b/NEWS.md
@@ -37,7 +37,11 @@ OpenSSL 3.2
 OpenSSL 3.1
 -----------
 
-### Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [under development]
+### Major changes between OpenSSL 3.1.1 and OpenSSL 3.1.2 [under development]
+
+  * Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446])
+
+### Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [30 May 2023]
 
   * Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT
     IDENTIFIER sub-identities.  ([CVE-2023-2650])
@@ -1472,6 +1476,7 @@ OpenSSL 0.9.x
 
 <!-- Links -->
 
+[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
 [CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
 [CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
 [CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466