Update CHANGES and NEWS for new release (d90d8537) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+20 −0

Original line number	Diff line number	Diff line
		@@ -9,6 +9,26 @@

		Changes between 1.1.1 and 1.1.1a [xx XXX xxxx]

		*) Timing vulnerability in DSA signature generation

		The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
		timing side channel attack. An attacker could use variations in the signing
		algorithm to recover the private key.

		This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
		(CVE-2018-0734)
		[Paul Dale]

		*) Timing vulnerability in ECDSA signature generation

		The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
		timing side channel attack. An attacker could use variations in the signing
		algorithm to recover the private key.

		This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
		(CVE-2018-0735)
		[Paul Dale]

		*) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
		the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
		are retained for backwards compatibility.

+2 −1

Original line number	Diff line number	Diff line
		@@ -7,7 +7,8 @@

		Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [under development]

		o
		o Timing vulnerability in DSA signature generation (CVE-2018-0734)
		o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)

		Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]