summaryrefslogtreecommitdiff
path: root/CHANGES
diff options
context:
space:
mode:
Diffstat (limited to 'CHANGES')
-rw-r--r--CHANGES14
1 files changed, 14 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 114ea248d08d..8ac4f2586c65 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,20 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.0.2t and 1.0.2u [20 Dec 2019]
+
+ *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure
+ used in exponentiation with 512-bit moduli. No EC algorithms are
+ affected. Analysis suggests that attacks against 2-prime RSA1024,
+ 3-prime RSA1536, and DSA1024 as a result of this defect would be very
+ difficult to perform and are not believed likely. Attacks against DH512
+ are considered just feasible. However, for an attack the target would
+ have to re-use the DH512 private key, which is not recommended anyway.
+ Also applications directly using the low level API BN_mod_exp may be
+ affected if they use BN_FLG_CONSTTIME.
+ (CVE-2019-1551)
+ [Andy Polyakov]
+
Changes between 1.0.2s and 1.0.2t [10 Sep 2019]
*) For built-in EC curves, ensure an EC_GROUP built from the curve name is