Skip to content

Fix DH_check() excessive time with oversized modulus #1109

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jul 21, 2023
Merged

Fix DH_check() excessive time with oversized modulus #1109

merged 5 commits into from
Jul 21, 2023

Conversation

@skmcgrail
Copy link
Member

@skmcgrail skmcgrail commented Jul 20, 2023

Description of changes:

Addresses CVE-2023-3446 which was low severity issue reported to OpenSSL on July 13th 2023. (See bulletin.

Excessively long DH keys can be slow to check which may lead to denial of service.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

justsmth
justsmth reviewed Jul 20, 2023
View reviewed changes
samuel40791765
samuel40791765 previously approved these changes Jul 20, 2023
View reviewed changes
torben-hansen
torben-hansen previously approved these changes Jul 20, 2023
View reviewed changes
Copy link
Contributor

@torben-hansen torben-hansen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also note we use 64 rounds of MR, not 128.

justsmth
justsmth previously approved these changes Jul 20, 2023
View reviewed changes
samuel40791765
samuel40791765 previously approved these changes Jul 20, 2023
View reviewed changes
@skmcgrail skmcgrail enabled auto-merge (squash) July 21, 2023 20:48
@skmcgrail skmcgrail merged commit 9545d9d into aws:main Jul 21, 2023
@skmcgrail skmcgrail mentioned this pull request Aug 1, 2023
Merged
@skmcgrail skmcgrail deleted the CVE-2023-3446 branch August 1, 2023 21:29
skmcgrail added a commit to skmcgrail/aws-lc that referenced this pull request Aug 1, 2023
@skmcgrail
Fix DH_check() excessive time with oversized modulus (aws#1109)
5a204d0 
(cherry picked from commit 9545d9d)
@skmcgrail skmcgrail mentioned this pull request Aug 1, 2023
Merged
skmcgrail added a commit to skmcgrail/aws-lc that referenced this pull request Aug 1, 2023
@skmcgrail
Fix DH_check() excessive time with oversized modulus (aws#1109)
f1c36d6 
(cherry picked from commit 9545d9d)
@skmcgrail skmcgrail mentioned this pull request Aug 1, 2023
Merged
skmcgrail added a commit to skmcgrail/aws-lc that referenced this pull request Aug 1, 2023
@skmcgrail
Fix DH_check() excessive time with oversized modulus (aws#1109)
8e1e775 
(cherry picked from commit 9545d9d)
@skmcgrail skmcgrail mentioned this pull request Aug 1, 2023
Merged
skmcgrail added a commit that referenced this pull request Aug 2, 2023
@skmcgrail
[fips-2021-10-20] Backport CVE-2023-3446, CVE-2023-3817 fixes for DH_…
4c2818e 
…check (#1127)

* Fix DH_check() excessive time with oversized modulus (#1109)

(cherry picked from commit 9545d9d)

* Fix Excessive time spent checking DH q parameter value (#1121)

(cherry picked from commit 1bb574f)

* Add GitHub CODEOWNERS
skmcgrail added a commit that referenced this pull request Aug 2, 2023
@skmcgrail
[fips-2021-10-20-1MU] Backport CVE-2023-3446, CVE-2023-3817 fixes for…
0c900fd 
… DH_check (#1128)

* Fix DH_check() excessive time with oversized modulus (#1109)

(cherry picked from commit 9545d9d)

* Fix Excessive time spent checking DH q parameter value (#1121)

(cherry picked from commit 1bb574f)
skmcgrail added a commit that referenced this pull request Aug 2, 2023
@skmcgrail
[fips-2022-11-02] Backport CVE-2023-3446, CVE-2023-3817 fixes for DH_…
7c3fe1a 
…check (#1129)

* Fix DH_check() excessive time with oversized modulus (#1109)

(cherry picked from commit 9545d9d)

* Fix Excessive time spent checking DH q parameter value (#1121)

(cherry picked from commit 1bb574f)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@samuel40791765 samuel40791765 samuel40791765 approved these changes

@justsmth justsmth justsmth approved these changes

@torben-hansen torben-hansen Awaiting requested review from torben-hansen

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@skmcgrail @samuel40791765 @torben-hansen @justsmth