Update CHANGES and NEWS for new release (c1ef2852) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+21 −1

Original line number	Diff line number	Diff line
		@@ -55,7 +55,27 @@
		list of built in objects, i.e. OIDs with names.
		[Richard Levitte]

		Changes between 1.1.1 and 1.1.1a [xx XXX xxxx]
		Changes between 1.1.1 and 1.1.1a [20 Nov 2018]

		*) Timing vulnerability in DSA signature generation

		The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
		timing side channel attack. An attacker could use variations in the signing
		algorithm to recover the private key.

		This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
		(CVE-2018-0734)
		[Paul Dale]

		*) Timing vulnerability in ECDSA signature generation

		The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
		timing side channel attack. An attacker could use variations in the signing
		algorithm to recover the private key.

		This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
		(CVE-2018-0735)
		[Paul Dale]

		*) Fixed the issue that RAND_add()/RAND_seed() silently discards random input
		if its length exceeds 4096 bytes. The limit has been raised to a buffer size

+5 −0

Original line number	Diff line number	Diff line
		@@ -10,6 +10,11 @@
		o Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC
		bridge.

		Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]

		o Timing vulnerability in DSA signature generation (CVE-2018-0734)
		o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)

		Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]

		o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3