Add a CHANGES entry for CVE-2019-1551

Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10575)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-12-05 01:20:14 +0100
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-12-06 13:36:16 +0100
commit: 580b8db8b4f1290ec879bfd0bb772012695ac370 (patch)
tree: 71dde67b42aca2e3bc1f88dc4eca70b2178cacb3 /CHANGES
parent: 08fb832377cd90c08a2d233b3230b95a9b9f6e24 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 58e98dd391..42382fd031 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,18 @@
 
  Changes between 1.1.1d and 1.1.1e [xx XXX xxxx]
 
+  *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure
+     used in exponentiation with 512-bit moduli. No EC algorithms are
+     affected. Analysis suggests that attacks against 2-prime RSA1024,
+     3-prime RSA1536, and DSA1024 as a result of this defect would be very
+     difficult to perform and are not believed likely. Attacks against DH512
+     are considered just feasible. However, for an attack the target would
+     have to re-use the DH512 private key, which is not recommended anyway.
+     Also applications directly using the low level API BN_mod_exp may be
+     affected if they use BN_FLG_CONSTTIME.
+     (CVE-2019-1551)
+     [Andy Polyakov]
+
   *) Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
      The presence of this system service is determined at run-time.
      [Richard Levitte]
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-12-05 01:20:14 +0100
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-12-06 13:36:16 +0100
commit	580b8db8b4f1290ec879bfd0bb772012695ac370 (patch)
tree	71dde67b42aca2e3bc1f88dc4eca70b2178cacb3 /CHANGES
parent	08fb832377cd90c08a2d233b3230b95a9b9f6e24 (diff)