]> git.ipfire.org Git - thirdparty/strongswan.git/blobdiff - NEWS
projects / thirdparty / strongswan.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use MGF1 with SHA-512 as BLISS random oracle
[thirdparty/strongswan.git] / NEWS
diff --git a/NEWS b/NEWS
index e0540240e9900bcc16e13130dd7380d2979408dd..938487926c2b560cc12eb98c4206f07391d8491d 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,11 @@ strongswan-5.3.3
 - The vici interface now supports the configuration of auxiliary certification
   authority information as CRL and OCSP URIs
  
+- In the bliss plugin the c_indices derivation using a SHA-512 based random oracle
+  has been fixed, generalized and standardized by employing the MGF1 mask generation
+  function with SHA-512. As a consequence BLISS signatures unsing the improved oracle
+  are not compatible with the earlier implementation.
 
 strongswan-5.3.2
 ----------------
Unnamed repository; edit this file 'description' to name the repository.