diff options
author | Billy Brumley <bbrumley@gmail.com> | 2019-09-06 17:26:40 +0300 |
---|---|---|
committer | Nicola Tuveri <nic.tuv@gmail.com> | 2019-09-07 15:37:13 +0300 |
commit | a1a0e6f28580d6a79762188128e23cca559993a8 (patch) | |
tree | 6a105ae235da2e1d9e31887ec5dd7747a06dc815 /CHANGES | |
parent | 5041ea38c96c9c8d7fc207a7fd25969f167f0f76 (diff) |
CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it
This is a forward port from https://github.com/openssl/openssl/pull/9781
of the CHANGES entry for the functionality added in
https://github.com/openssl/openssl/pull/9727
(cherry picked from commit 4b965086cb56c24cb5d2197fc04869b95f209a11)
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9797)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -9,6 +9,13 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Compute ECC cofactors if not provided during EC_GROUP construction. Before + this change, EC_GROUP_set_generator would accept order and/or cofactor as + NULL. After this change, only the cofactor parameter can be NULL. It also + does some minimal sanity checks on the passed order. + (CVE-2019-1547) + [Billy Bob Brumley] + *) Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems. The RAND subsystem will wait for /dev/random to be producing output before seeding from /dev/urandom. |