]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 76c16b4)
Add CHANGES.md entry for the EC/DSA nonce generation fixes
authorTomas Mraz <tomas@openssl.org>
Mon, 17 Jun 2024 10:35:39 +0000 (12:35 +0200)
committerTomas Mraz <tomas@openssl.org>
Thu, 20 Jun 2024 15:00:51 +0000 (17:00 +0200)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24660)

(cherry picked from commit 72bff68f6acc4f420e283bcc77db76eb1917d7bf)

CHANGES.md patch | blob | blame | history

diff --git a/CHANGES.md b/CHANGES.md
index 78eb99e95762af7f70576106281cff433ccd8abe..e71e8783e9fc3231d678fe275b240391d802fc87 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -68,6 +68,14 @@ OpenSSL 3.1
 
    *Tomáš Mráz*
 
+ * Improved EC/DSA nonce generation routines to avoid bias and timing
+   side channel leaks.
+
+   Thanks to Florian Sieck from Universität zu Lübeck and George Pantelakis
+   and Hubert Kario from Red Hat for reporting the issues.
+
+   *Tomáš Mráz and Paul Dale*
+
  * Fixed an issue where some non-default TLS server configurations can cause
    unbounded memory growth when processing TLSv1.3 sessions. An attacker may
    exploit certain server configurations to trigger unbounded memory growth that
Mirror of https://github.com/openssl/openssl.git