CVE-2023-5678

Issue summary: Generating excessively long X9.42 DH keys or checking<br /> excessively long X9.42 DH keys or parameters may be very slow.<br /> <br /> Impact summary: Applications that use the functions DH_generate_key() to<br /> generate an X9.42 DH key may experience long delays. Likewise, applications<br /> that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()<br /> to check an X9.42 DH key or X9.42 DH parameters may experience long delays.<br /> Where the key or parameters that are being checked have been obtained from<br /> an untrusted source this may lead to a Denial of Service.<br /> <br /> While DH_check() performs all the necessary checks (as of CVE-2023-3817),<br /> DH_check_pub_key() doesn&amp;#39;t make any of these checks, and is therefore<br /> vulnerable for excessively large P and Q parameters.<br /> <br /> Likewise, while DH_generate_key() performs a check for an excessively large<br /> P, it doesn&amp;#39;t check for an excessively large Q.<br /> <br /> An application that calls DH_generate_key() or DH_check_pub_key() and<br /> supplies a key or parameters obtained from an untrusted source could be<br /> vulnerable to a Denial of Service attack.<br /> <br /> DH_generate_key() and DH_check_pub_key() are also called by a number of<br /> other OpenSSL functions. An application calling any of those other<br /> functions may similarly be affected. The other functions affected by this<br /> are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().<br /> <br /> Also vulnerable are the OpenSSL pkey command line application when using the<br /> "-pubcheck" option, as well as the OpenSSL genpkey command line application.<br /> <br /> The OpenSSL SSL/TLS implementation is not affected by this issue.<br /> <br /> The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.