From f47270e10b7ec18e5719bb2260a7d6460af387ac Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 6 Dec 2017 14:09:11 +0000 Subject: [PATCH] Update CHANGES and NEWS for new release Reviewed-by: Rich Salz --- CHANGES | 22 ++++++++++++++++++++++ NEWS | 4 ++++ 2 files changed, 26 insertions(+) diff --git a/CHANGES b/CHANGES index 3ae8b4d0bd..cbae96d62e 100644 --- a/CHANGES +++ b/CHANGES @@ -190,6 +190,28 @@ issues, has been replaced to always returns NULL. [Rich Salz] + Changes between 1.1.0g and 1.1.0h [xx XXX xxxx] + + *) rsaz_1024_mul_avx2 overflow bug on x86_64 + + There is an overflow bug in the AVX2 Montgomery multiplication procedure + used in exponentiation with 1024-bit moduli. No EC algorithms are affected. + Analysis suggests that attacks against RSA and DSA as a result of this + defect would be very difficult to perform and are not believed likely. + Attacks against DH1024 are considered just feasible, because most of the + work necessary to deduce information about a private key may be performed + offline. The amount of resources required for such an attack would be + significant. However, for an attack on TLS to be meaningful, the server + would have to share the DH1024 private key among multiple clients, which is + no longer an option since CVE-2016-0701. + + This only affects processors that support the AVX2 but not ADX extensions + like Intel Haswell (4th generation). + + This issue was reported to OpenSSL by David Benjamin (Google). The issue + was originally found via the OSS-Fuzz project. + (CVE-2017-3738) + [Andy Polyakov] Changes between 1.1.0f and 1.1.0g [2 Nov 2017] diff --git a/NEWS b/NEWS index d102cb73bd..73a5a253b8 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,10 @@ o Add a STORE module (OSSL_STORE) o Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes + Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [under development] + + o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) + Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) -- GitLab