提交 d90d8537 编写于 作者: M Matt Caswell

Update CHANGES and NEWS for new release

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7664)
上级 cc330c70
...@@ -9,6 +9,26 @@ ...@@ -9,6 +9,26 @@
Changes between 1.1.1 and 1.1.1a [xx XXX xxxx] Changes between 1.1.1 and 1.1.1a [xx XXX xxxx]
*) Timing vulnerability in DSA signature generation
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
(CVE-2018-0734)
[Paul Dale]
*) Timing vulnerability in ECDSA signature generation
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
(CVE-2018-0735)
[Paul Dale]
*) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
are retained for backwards compatibility. are retained for backwards compatibility.
......
...@@ -7,7 +7,8 @@ ...@@ -7,7 +7,8 @@
Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [under development] Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [under development]
o o Timing vulnerability in DSA signature generation (CVE-2018-0734)
o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册