Update CHANGES and NEWS for new release (503c1858) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+20 −0

Original line number	Diff line number	Diff line
		@@ -9,6 +9,26 @@

		Changes between 1.1.0i and 1.1.0j [xx XXX xxxx]

		*) Timing vulnerability in DSA signature generation

		The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
		timing side channel attack. An attacker could use variations in the signing
		algorithm to recover the private key.

		This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
		(CVE-2018-0734)
		[Paul Dale]

		*) Timing vulnerability in ECDSA signature generation

		The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
		timing side channel attack. An attacker could use variations in the signing
		algorithm to recover the private key.

		This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
		(CVE-2018-0735)
		[Paul Dale]

		*) Add coordinate blinding for EC_POINT and implement projective
		coordinate blinding for generic prime curves as a countermeasure to
		chosen point SCA attacks.

+2 −1

Original line number	Diff line number	Diff line
		@@ -7,7 +7,8 @@

		Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [under development]

		o
		o Timing vulnerability in DSA signature generation (CVE-2018-0734)
		o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)

		Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018]