[Midnightbsd-cvs] [MidnightBSD/src] 729bab: Fix an openssl vulnerability.
Lucas Holt
noreply at github.com
Tue Mar 15 15:43:18 EDT 2022
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: 729babff0a240e96085684ddbe4ffe1dadb72efe
https://github.com/MidnightBSD/src/commit/729babff0a240e96085684ddbe4ffe1dadb72efe
Author: Lucas Holt <luke at foolishgames.com>
Date: 2022-03-15 (Tue, 15 Mar 2022)
Changed paths:
M crypto/openssl/crypto/bn/bn_sqrt.c
M crypto/openssl/doc/man3/BN_add.pod
Log Message:
-----------
Fix an openssl vulnerability.
The BN_mod_sqrt() function, which computes a modular square root, contains
a bug that can cause it to loop forever for non-prime moduli. This function
is used when parsing certificates that contain certain forms of elliptic
curves.
A specially crafted certificate with invalid explicit curve parameters may
trigger an infinite loop, leading to a denial of service. Since certificate
parsing happens prior to verification of the certificate signature, any
process that parses an externally supplied certificate may be affected.
More information about the Midnightbsd-cvs
mailing list