Instituto Nacional de Ciberseguridad. INCIBE-CERT section

CVE-2023-3446

CVSS v3.1 severity:
MEDIUM
Type:
Not available / Other
Publication date:
19/07/2023
Last modified:
23/04/2025

Description

Issue summary: Checking excessively long DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.

The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length.

However, the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large.

An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack.

The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option.

The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
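The description above implies a cheap mitigation for applications that cannot upgrade immediately: bound the size of the modulus p before any DH_check()-style validation is attempted on untrusted input. The following is an added example, not OpenSSL code or part of this advisory; it assumes the parameters arrive as a DER-encoded PKCS#3 DHParameter (SEQUENCE { INTEGER p, INTEGER g }), uses a minimal hand-written DER parser, and takes the 10,000-bit limit from the advisory text.

```python
# Added example (not OpenSSL code): gate untrusted DH parameters on modulus
# size before handing them to an expensive checker such as DH_check().
MAX_MODULUS_BITS = 10000  # limit the advisory says OpenSSL normally enforces


def _der_len(n: int) -> bytes:
    """Encode a DER length (short form below 0x80, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(v: int) -> bytes:
    """Encode a non-negative INTEGER; the +8 guarantees a clear sign bit."""
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body


def encode_dh_params(p: int, g: int) -> bytes:
    """Build a DER DHParameter; used here only to construct sample input."""
    body = _der_int(p) + _der_int(g)
    return b"\x30" + _der_len(len(body)) + body


def _read_tlv(buf: bytes, off: int, tag: int):
    """Read one TLV at off and return (value_bytes, next_off)."""
    if off >= len(buf) or buf[off] != tag:
        raise ValueError("unexpected tag")
    first = buf[off + 1]
    off += 2
    if first & 0x80:  # long-form length, at most 4 length bytes accepted
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or off + nbytes > len(buf):
            raise ValueError("bad length")
        first = int.from_bytes(buf[off:off + nbytes], "big")
        off += nbytes
    if off + first > len(buf):
        raise ValueError("truncated")
    return buf[off:off + first], off + first


def parse_dh_params(der: bytes):
    """Return (p, g) from a DER DHParameter, rejecting negative INTEGERs."""
    seq, end = _read_tlv(der, 0, 0x30)
    p_bytes, off = _read_tlv(seq, 0, 0x02)
    g_bytes, off = _read_tlv(seq, off, 0x02)
    if off != len(seq) or end != len(der):
        raise ValueError("trailing data")
    if not p_bytes or not g_bytes or (p_bytes[0] | g_bytes[0]) & 0x80:
        raise ValueError("negative or empty INTEGER")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def precheck_untrusted_dh(der: bytes, max_bits: int = MAX_MODULUS_BITS) -> str:
    """Cheap gate before DH_check(): 'ok', 'too_large' or 'malformed'."""
    try:
        p, _g = parse_dh_params(der)
    except (ValueError, IndexError):
        return "malformed"
    return "too_large" if p.bit_length() > max_bits else "ok"


# Constructed samples: a toy 5-bit modulus and a 10,001-bit modulus.
SMALL_DER = encode_dh_params(23, 5)
HUGE_DER = encode_dh_params((1 << 10000) | 1, 2)
```

Only parameters that pass this gate with "ok" should reach DH_check(), DH_check_ex() or EVP_PKEY_param_check(); the gate itself costs one pass over the encoding, regardless of how large p is.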

Vulnerable products and versions

CPE From To
cpe:2.3:a:openssl:openssl:1.0.2:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.1.1:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:3.1.0:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:3.1.1:-:*:*:*:*:*:*