author | Matt Caswell <matt@openssl.org> | 2018-11-20 10:52:53 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-11-20 11:56:04 +0000 |
commit | 503c18583a1c8910ad42d4426290f0a61daae7a6 (patch) | |
tree | 7adcb553f1dcb45c55cae2ed575e1bc3ea1962ef | |
parent | b1aec9e84e2d36b0c4b45633d5343a39cb1ac25f (diff) |
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7666)
-rw-r--r-- | CHANGES | 20 | ||||
-rw-r--r-- | NEWS | 3 |
2 files changed, 22 insertions, 1 deletions
@@ -9,6 +9,26 @@ Changes between 1.1.0i and 1.1.0j [xx XXX xxxx] + *) Timing vulnerability in DSA signature generation + + The OpenSSL DSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + (CVE-2018-0734) + [Paul Dale] + + *) Timing vulnerability in ECDSA signature generation + + The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser. + (CVE-2018-0735) + [Paul Dale] + *) Add coordinate blinding for EC_POINT and implement projective coordinate blinding for generic prime curves as a countermeasure to chosen point SCA attacks. @@ -7,7 +7,8 @@ Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [under development] - o + o Timing vulnerability in DSA signature generation (CVE-2018-0734) + o Timing vulnerability in ECDSA signature generation (CVE-2018-0735) Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018] |
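Review bot: in the CHANGES hunk, both new entries (DSA and ECDSA) say an attacker could use "variations in the signing algorithm" to recover the private key, which is imprecise for a timing side channel: what the attacker observes is variation in the time the signing operation takes. Suggest wording such as "variations in the time taken by the signing operation". The entries also do not say what was changed to remove the leak or point to the fixing commits, so a reader deciding whether to upgrade gets only the CVE numbers; a one-line description of the fix per entry would help.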
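Review bot: in the NEWS hunk, the unchanged heading still reads "[under development]" for 1.1.0j, and the CHANGES hunk header likewise still shows "[xx XXX xxxx]", although the commit subject says this update is for the new release. Please confirm the date placeholders are filled in by a separate release commit, or set them here. Also, the two added bullets cover only the CVE fixes, while the CHANGES context for the same version range lists the EC_POINT coordinate blinding countermeasure; consider whether that is worth a NEWS bullet as well.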