A security flaw was recently reported by OpenSSL. The vulnerability could be exploited to trigger an infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may be subject to a denial-of-service attack.
The function BN_mod_sqrt() for computing square roots contains a bug that could cause it to loop indefinitely for non-prime moduli. This function is used internally when parsing a certificate that contains an elliptic curve public key in compressed form or an explicit elliptic curve parameter with a base point encoded in compressed form.
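The failure mode described above, shown as an added example (not OpenSSL's code and not taken from the advisory): a textbook Tonelli-Shanks modular square root in which every loop is bounded, so a non-prime modulus produces an error instead of a hang. The names `mod_sqrt`, `try_sqrt`, `NotASquare` and `MAX_WITNESS_TRIES` are assumptions made for this illustration.

```python
MAX_WITNESS_TRIES = 256  # assumed cap on the non-residue search


class NotASquare(ValueError):
    """No square root found; also raised when the modulus is not an odd prime."""


def mod_sqrt(a: int, p: int) -> int:
    """Square root of a modulo an odd prime p; always terminates."""
    if p < 3 or p % 2 == 0:
        raise NotASquare("modulus must be an odd prime")
    a %= p
    if a == 0:
        return 0
    q, e = p - 1, 0              # write p - 1 = q * 2**e with q odd
    while q % 2 == 0:
        q, e = q // 2, e + 1
    # Search for a quadratic non-residue y. Bounded: a composite p may have none.
    for y in range(2, min(p, 2 + MAX_WITNESS_TRIES)):
        if pow(y, (p - 1) // 2, p) == p - 1:
            break
    else:
        raise NotASquare("no non-residue found; modulus is probably not prime")
    y, x, b = pow(y, q, p), pow(a, (q + 1) // 2, p), pow(a, q, p)
    while b != 1:                # e shrinks every pass, so at most e passes
        # Least i with b**(2**i) == 1. For prime p and square a, i < e holds.
        # The explicit i < e bound is what turns bad input into an error.
        t, i = b, 0
        while t != 1 and i < e:
            t, i = t * t % p, i + 1
        if i >= e:
            raise NotASquare("order search hit its bound")
        g = pow(y, 1 << (e - i - 1), p)
        x, y = x * g % p, g * g % p
        b, e = b * y % p, i
    if x * x % p != a:           # final check: never return an unverified root
        raise NotASquare("candidate root failed verification")
    return x


def try_sqrt(a: int, p: int):
    """Fail closed: None instead of an exception for rejected input."""
    try:
        return mod_sqrt(a, p)
    except NotASquare:
        return None
```

The moduli 9 and 15 used to exercise the composite case are constructed sample values; code that decodes compressed points from untrusted input should treat a `None` result as a parse failure.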
“Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial-of-service attack,” OpenSSL said in an advisory published on March 15, 2022.
A specific certificate can be crafted to trigger an infinite loop. Vulnerable situations include:
Solution / Mitigation:
The OpenSSL project team has released a new version that fixes the CVE-2022-0778 vulnerability, and organizations that use OpenSSL are advised to upgrade to the latest version as soon as possible.