CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it

This is a forward port from https://github.com/openssl/openssl/pull/9781 of the CHANGES entry for the functionality added in https://github.com/openssl/openssl/pull/9727 (cherry picked from commit 4b965086cb56c24cb5d2197fc04869b95f209a11) Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9797)
author: Billy Brumley <bbrumley@gmail.com> 2019-09-06 17:26:40 +0300
committer: Nicola Tuveri <nic.tuv@gmail.com> 2019-09-07 15:37:13 +0300
commit: a1a0e6f28580d6a79762188128e23cca559993a8 (patch)
tree: 6a105ae235da2e1d9e31887ec5dd7747a06dc815 /CHANGES
parent: 5041ea38c96c9c8d7fc207a7fd25969f167f0f76 (diff)
download: openssl-new-a1a0e6f28580d6a79762188128e23cca559993a8.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 369b32756c..9599c64545 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,13 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
 
+  *) Compute ECC cofactors if not provided during EC_GROUP construction. Before
+     this change, EC_GROUP_set_generator would accept order and/or cofactor as
+     NULL. After this change, only the cofactor parameter can be NULL. It also
+     does some minimal sanity checks on the passed order.
+     (CVE-2019-1547)
+     [Billy Bob Brumley]
+
   *) Early start up entropy quality from the DEVRANDOM seed source has been
      improved for older Linux systems.  The RAND subsystem will wait for
      /dev/random to be producing output before seeding from /dev/urandom.
author	Billy Brumley <bbrumley@gmail.com>	2019-09-06 17:26:40 +0300
committer	Nicola Tuveri <nic.tuv@gmail.com>	2019-09-07 15:37:13 +0300
commit	a1a0e6f28580d6a79762188128e23cca559993a8 (patch)
tree	6a105ae235da2e1d9e31887ec5dd7747a06dc815 /CHANGES
parent	5041ea38c96c9c8d7fc207a7fd25969f167f0f76 (diff)
download	openssl-new-a1a0e6f28580d6a79762188128e23cca559993a8.tar.gz