# OpenSSL Advisory: May 30th, 2023 (BoringSSL Not Affected)

OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20230530.txt). Here's how it affects BoringSSL:

CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
----|---------|-----------------------|---------------------
CVE-2023-2650 | Possible DoS translating ASN.1 object identifiers | Moderate | Independently [fixed in 2016](https://boringssl.googlesource.com/boringssl/+/2f8ea545a63be73a6869a5cfd018748c0f868d83). Impact to BoringSSL before 2016 was much lower. See discussion below.

[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity

## CVE-2023-2650

This is a result of integer-to-decimal conversion being quadratic in the width of the integer. OpenSSL allowed arbitrarily large OIDs and OID components when converting OIDs to the dotted-decimal representation, making the overall operation quadratic and thus a DoS risk when run on attacker-supplied OIDs.

While this conversion is typically unnecessary (OIDs can be compared using the binary encoding), some systems use the dotted-decimal form either for logging or as an internal representation of the OID. Per the advisory, OpenSSL 3.x does this as part of X.509 signature verification.

BoringSSL independently fixed the quadratic-time behavior in [2016](https://boringssl.googlesource.com/boringssl/+/2f8ea545a63be73a6869a5cfd018748c0f868d83) by limiting the conversion to components less than 2⁶⁴. Additionally, BoringSSL does not convert to dotted-decimal as part of X.509 signature verification. It only converts when callers specifically request a textual representation of some structure.
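The following is an added example illustrating the bounded conversion described above; it is not BoringSSL's or OpenSSL's code, and the function names (`oid_to_text`, `oid_to_text_static`) and the sample byte strings are constructed for this page. It decodes the content octets of a DER OBJECT IDENTIFIER (base-128 subidentifiers) into dotted-decimal, but each component must fit in a `uint64_t`: the check `v >> 57` before each 7-bit shift rejects any component of 2⁶⁴ or more before it can grow, so the work done is linear in the encoded length rather than quadratic in the width of an unbounded integer. It also rejects non-minimal (leading `0x80`) and truncated encodings, which a parser handling attacker-supplied OIDs should do as well.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

// Decode the content octets of a DER OBJECT IDENTIFIER (tag and length
// already stripped) into dotted-decimal form. Each subidentifier is bounded
// to fit in a uint64_t, so the cost is linear in |len| instead of quadratic
// in the width of an unbounded integer. Returns 1 on success, 0 on malformed
// input, an oversized component, or an output buffer that is too small.
static int oid_to_text(const uint8_t *der, size_t len, char *out, size_t out_len) {
  size_t pos = 0;   // bytes consumed from |der|
  size_t used = 0;  // characters written to |out|
  int first = 1;    // the first subidentifier encodes two components

  if (len == 0) return 0;  // an empty OID is not valid DER

  while (pos < len) {
    uint64_t v = 0;
    if (der[pos] == 0x80) return 0;  // leading 0x80 byte is a non-minimal encoding
    for (;;) {
      if (pos >= len) return 0;  // truncated: last byte must have its high bit clear
      uint8_t b = der[pos++];
      if (v >> 57) return 0;  // v << 7 would reach 2^64: reject the component
      v = (v << 7) | (b & 0x7f);
      if ((b & 0x80) == 0) break;
    }
    int n;
    if (first) {
      first = 0;
      // Per X.690, the first subidentifier is 40 * arc1 + arc2 with arc1 in
      // {0, 1, 2}; arc2 is only limited to 0..39 when arc1 is 0 or 1.
      uint64_t arc1 = v < 40 ? 0 : (v < 80 ? 1 : 2);
      uint64_t arc2 = v - 40 * arc1;
      n = snprintf(out + used, out_len - used, "%llu.%llu",
                   (unsigned long long)arc1, (unsigned long long)arc2);
    } else {
      n = snprintf(out + used, out_len - used, ".%llu", (unsigned long long)v);
    }
    if (n < 0 || (size_t)n >= out_len - used) return 0;  // output truncated
    used += (size_t)n;
  }
  return 1;
}

// Convenience wrapper returning a pointer to a static buffer, or NULL on failure.
static const char *oid_to_text_static(const uint8_t *der, size_t len) {
  static char buf[128];
  return oid_to_text(der, len, buf, sizeof(buf)) ? buf : NULL;
}

// Constructed sample inputs (content octets only, no tag or length byte).
// sha256WithRSAEncryption = 1.2.840.113549.1.1.11
static const uint8_t kSha256WithRsa[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b};
// id-at-commonName = 2.5.4.3 (first arc 2, so the first subidentifier is 2*40+5 = 85)
static const uint8_t kCommonName[] = {0x55, 0x04, 0x03};
// Second component is 2^64 - 1, the largest value that is still accepted.
static const uint8_t kMaxComponent[] = {0x2a, 0x81, 0xff, 0xff, 0xff, 0xff,
                                        0xff, 0xff, 0xff, 0xff, 0x7f};
// Second component is exactly 2^64 and is rejected before any big-number work.
static const uint8_t kOverflow[] = {0x2a, 0x82, 0x80, 0x80, 0x80, 0x80,
                                    0x80, 0x80, 0x80, 0x80, 0x00};
// Encoding ends with a continuation byte, so it is truncated.
static const uint8_t kTruncated[] = {0x2a, 0x86};

int main(void) {
  const char *s;
  s = oid_to_text_static(kSha256WithRsa, sizeof(kSha256WithRsa));
  printf("sha256WithRSAEncryption: %s\n", s ? s : "(rejected)");
  s = oid_to_text_static(kMaxComponent, sizeof(kMaxComponent));
  printf("2^64-1 component:        %s\n", s ? s : "(rejected)");
  s = oid_to_text_static(kOverflow, sizeof(kOverflow));
  printf("2^64 component:          %s\n", s ? s : "(rejected)");
  s = oid_to_text_static(kTruncated, sizeof(kTruncated));
  printf("truncated encoding:      %s\n", s ? s : "(rejected)");
  return 0;
}
```

The bound is applied while accumulating, not after: an attacker-supplied component of thousands of bytes is rejected on its tenth byte, so the decoder never holds a value wider than the machine word and the decimal formatting never becomes the quadratic step the advisory describes.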