Update CHANGES and NEWS for new release
Reviewed-by: Andy Polyakov <appro@openssl.org>
This commit is contained in:
Matt Caswell
parent
420b88cec8
commit
de8c19cddd
2 changed files with 39 additions and 0 deletions
34
CHANGES
34
CHANGES
|
|
@ -177,6 +177,40 @@
|
|||
issues, has been replaced to always returns NULL.
|
||||
[Rich Salz]
|
||||
|
||||
|
||||
Changes between 1.1.0f and 1.1.0g [2 Nov 2017]
|
||||
|
||||
*) bn_sqrx8x_internal carry bug on x86_64
|
||||
|
||||
There is a carry propagating bug in the x86_64 Montgomery squaring
|
||||
procedure. No EC algorithms are affected. Analysis suggests that attacks
|
||||
against RSA and DSA as a result of this defect would be very difficult to
|
||||
perform and are not believed likely. Attacks against DH are considered just
|
||||
feasible (although very difficult) because most of the work necessary to
|
||||
deduce information about a private key may be performed offline. The amount
|
||||
of resources required for such an attack would be very significant and
|
||||
likely only accessible to a limited number of attackers. An attacker would
|
||||
additionally need online access to an unpatched system using the target
|
||||
private key in a scenario with persistent DH parameters and a private
|
||||
key that is shared between multiple clients.
|
||||
|
||||
This only affects processors that support the BMI1, BMI2 and ADX extensions
|
||||
like Intel Broadwell (5th generation) and later or AMD Ryzen.
|
||||
|
||||
This issue was reported to OpenSSL by the OSS-Fuzz project.
|
||||
(CVE-2017-3736)
|
||||
[Andy Polyakov]
|
||||
|
||||
*) Malformed X.509 IPAddressFamily could cause OOB read
|
||||
|
||||
If an X.509 certificate has a malformed IPAddressFamily extension,
|
||||
OpenSSL could do a one-byte buffer overread. The most likely result
|
||||
would be an erroneous display of the certificate in text format.
|
||||
|
||||
This issue was reported to OpenSSL by the OSS-Fuzz project.
|
||||
(CVE-2017-3735)
|
||||
[Rich Salz]
|
||||
|
||||
Changes between 1.1.0e and 1.1.0f [25 May 2017]
|
||||
|
||||
*) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
|
||||
|
|
|
|||
5
NEWS
5
NEWS
|
|
@ -11,6 +11,11 @@
|
|||
o Add a STORE module (OSSL_STORE)
|
||||
o Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
|
||||
|
||||
Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
|
||||
|
||||
o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
|
||||
o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
|
||||
|
||||
Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]
|
||||
|
||||
o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
|
||||
|
|
|
|||
Loading…
Reference in a new issue