From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 17 Jun 2024 10:35:39 +0000 (+0200)
Subject: Add CHANGES.md entry for the EC/DSA nonce generation fixes
X-Git-Tag: openssl-3.1.7~96
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ba389a5d204af9ecc4ba560a0e42b875a252a686;p=thirdparty%2Fopenssl.git

Add CHANGES.md entry for the EC/DSA nonce generation fixes

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24660)

(cherry picked from commit 72bff68f6acc4f420e283bcc77db76eb1917d7bf)
---

diff --git a/CHANGES.md b/CHANGES.md
index 78eb99e9576..e71e8783e9f 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -68,6 +68,14 @@ OpenSSL 3.1
 
    *Tomáš Mráz*
 
+ * Improved EC/DSA nonce generation routines to avoid bias and timing
+   side channel leaks.
+
+   Thanks to Florian Sieck from Universität zu Lübeck and George Pantelakis
+   and Hubert Kario from Red Hat for reporting the issues.
+
+   *Tomáš Mráz and Paul Dale*
+
  * Fixed an issue where some non-default TLS server configurations can cause
    unbounded memory growth when processing TLSv1.3 sessions. An attacker may
    exploit certain server configurations to trigger unbounded memory growth that