| Description: | Issue summary: Checking excessively long DH keys or parameters may be
very slow. Impact summary: Applications that use the functions
DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key
or DH parameters may experience long delays. Where the key or
parameters that are being checked have been obtained from an untrusted
source this may lead to a Denial of Service. The function DH_check()
performs various checks on DH parameters. After fixing CVE-2023-3446
it was discovered that a large q parameter value can also trigger an
overly long computation during some of these checks. A correct q
value, if present, cannot be larger than the modulus p parameter, thus
it is unnecessary to perform these checks if q is larger than p. An
application that calls DH_check() and supplies a key or parameters
obtained from an untrusted source could be vulnerable to a Denial of
Service attack. The function DH_check() is itself called by a number
of other OpenSSL functions. An application calling any of those other
functions may similarly be affected. The other functions affected by
this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are
the OpenSSL dhparam and pkeyparam command line applications when using
the "-check" option. The OpenSSL SSL/TLS implementation is not
affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not
affected by this issue.
|
