diff options
author | Richard Levitte <levitte@openssl.org> | 2023-05-12 10:00:13 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-06-06 10:48:50 +0200 |
commit | d63b3e7959e79f98d60760a739f7876dc5adc838 (patch) | |
tree | 987531abfe2b0ed71fc1f1bc6e4a40238e0aab03 /CHANGES.md | |
parent | 3ca28c9e81fae36b0b44dc39beecd2b5a7561975 (diff) | |
download | openssl-d63b3e7959e79f98d60760a739f7876dc5adc838.tar.gz |
Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form. For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier.
To mitigate this, a restriction on the size that OBJ_obj2txt() will
translate to canonical numeric text form is added, based on RFC 2578
(STD 58), which says this:
> 3.5. OBJECT IDENTIFIER values
>
> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
> For the SMIv2, each number in the list is referred to as a sub-identifier,
> there are at most 128 sub-identifiers in a value, and each sub-identifier
> has a maximum value of 2^32-1 (4294967295 decimal).
Fixes otc/security#96
Fixes CVE-2023-2650
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index cfe2fafa6e..1d497e81ba 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -284,6 +284,32 @@ OpenSSL 3.1 ### Changes between 3.1.0 and 3.1.1 [xx XXX xxxx] + * Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic + OBJECT IDENTIFIER sub-identifiers to canonical numeric text form. + + OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical + numeric text form. For gigantic sub-identifiers, this would take a very + long time, the time complexity being O(n^2) where n is the size of that + sub-identifier. ([CVE-2023-2650]) + + To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT + IDENTIFIER to canonical numeric text form if the size of that OBJECT + IDENTIFIER is 586 bytes or less, and fail otherwise. + + The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT + IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at + most 128 sub-identifiers, and that the maximum value that each sub- + identifier may have is 2^32-1 (4294967295 decimal). + + For each byte of every sub-identifier, only the 7 lower bits are part of + the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with + these restrictions may occupy is 32 * 128 / 7, which is approximately 586 + bytes. + + Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 + + *Richard Levitte* + * Multiple algorithm implementation fixes for ARM BE platforms. *Liu-ErMeng* @@ -19976,6 +20002,7 @@ ndif <!-- Links --> +[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 [CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 [CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 [CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 |