author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-12-05 01:20:14 +0100 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-12-06 13:31:31 +0100 |
commit | 4c3f748d7cfffb3309451c6bfdd686f89ec290b2 (patch) | |
tree | 124d4bd6d580effeebc5041af213d6e18cfd5161 /CHANGES | |
parent | 18d42d8d56352b81510d87dd12d1ac93d1d408d3 (diff) |
Add a CHANGES entry for CVE-2019-1551
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10574)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -9,6 +9,18 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure + used in exponentiation with 512-bit moduli. No EC algorithms are + affected. Analysis suggests that attacks against 2-prime RSA1024, + 3-prime RSA1536, and DSA1024 as a result of this defect would be very + difficult to perform and are not believed likely. Attacks against DH512 + are considered just feasible. However, for an attack the target would + have to re-use the DH512 private key, which is not recommended anyway. + Also applications directly using the low level API BN_mod_exp may be + affected if they use BN_FLG_CONSTTIME. + (CVE-2019-1551) + [Andy Polyakov] + *) Introduced a new method type and API, OSSL_SERIALIZER, to represent generic serializers. An implementation is expected to be able to serialize an object associated with a given name (such |
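Review bot: the first added line, "Fixed an an overflow bug in the x64_64 Montgomery squaring procedure", has a duplicated "an" and an architecture name, "x64_64", that should be "x86_64". Suggested wording: "Fixed an overflow bug in the x86_64 Montgomery squaring procedure". Since this text is usually copied verbatim into the advisory and into the CHANGES files of other branches, it is worth correcting here before it propagates. Two smaller style points in the closing sentence: "low level API" reads better as "low-level API", and "Also applications directly using ..." wants a comma after "Also".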