From: Tomas Mraz Date: Mon, 17 Jun 2024 10:35:39 +0000 (+0200) Subject: Add CHANGES.md entry for the EC/DSA nonce generation fixes X-Git-Tag: openssl-3.0.15~93 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=347cb1df468a1b829b44f28345d6d7c38e550ca5;p=thirdparty%2Fopenssl.git Add CHANGES.md entry for the EC/DSA nonce generation fixes Reviewed-by: Matt Caswell Reviewed-by: Tom Cosgrove Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/24660) (cherry picked from commit 72bff68f6acc4f420e283bcc77db76eb1917d7bf) --- diff --git a/CHANGES.md b/CHANGES.md index 9763bddc8be..9fb03f12536 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -74,6 +74,14 @@ breaking changes, and mappings for the large list of deprecated functions. *Tomáš Mráz* + * Improved EC/DSA nonce generation routines to avoid bias and timing + side channel leaks. + + Thanks to Florian Sieck from Universität zu Lübeck and George Pantelakis + and Hubert Kario from Red Hat for reporting the issues. + + *Tomáš Mráz and Paul Dale* + * Fixed an issue where some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. An attacker may exploit certain server configurations to trigger unbounded memory growth that
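Review bot: The new CHANGES.md entry does not say which code paths the fix covers, so a reader assessing exposure cannot tell from the changelog alone whether the bias and timing-leak fixes apply to ECDSA only, to DSA only, or to both, nor whether they affect the default provider, the FIPS provider, or both. The summary line "Improved EC/DSA nonce generation routines to avoid bias and timing side channel leaks." would be more useful with one additional sentence naming the affected algorithms and providers, and with a pointer to the fix commits (this commit only adds the changelog text, and the entry does not reference the change it documents). Minor style point: "timing side channel leaks" reads better hyphenated as "timing side-channel leaks", and the entry should use the same issue-reference style as the neighbouring entries in this section if one applies.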