The branch OpenSSL_1_1_1-stable has been updated via d90d8537959683d6bc25636120b885f27bbce060 (commit) from cc330c704d961e51eae561a4dff425965c656914 (commit)
- Log ----------------------------------------------------------------- commit d90d8537959683d6bc25636120b885f27bbce060 Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 20 10:52:53 2018 +0000 Update CHANGES and NEWS for new release Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Nicola Tuveri <nic....@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7664) ----------------------------------------------------------------------- Summary of changes: CHANGES | 20 ++++++++++++++++++++ NEWS | 3 ++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index cf45875..aafc262 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,26 @@ Changes between 1.1.1 and 1.1.1a [xx XXX xxxx] + *) Timing vulnerability in DSA signature generation + + The OpenSSL DSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + (CVE-2018-0734) + [Paul Dale] + + *) Timing vulnerability in ECDSA signature generation + + The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser. + (CVE-2018-0735) + [Paul Dale] + *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names are retained for backwards compatibility. diff --git a/NEWS b/NEWS index 4026385..410e845 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,8 @@ Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [under development] - o + o Timing vulnerability in DSA signature generation (CVE-2018-0734) + o Timing vulnerability in ECDSA signature generation (CVE-2018-0735) Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits