author | Dr. Stephen Henson <steve@openssl.org> | 2014-03-12 14:16:19 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-03-12 14:19:54 +0000 |
commit | 4b7a4ba29cafa432fc4266fe6e59e60bc1c96332 (patch) | |
tree | ee5a9cca2a910d9231653ec7e21e67edaa59babb /CHANGES | |
parent | e0660c6257306a91eff7a471141a71e8f2a02795 (diff) |
Fix for CVE-2014-0076
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140
Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483259de374f91e57d247d0fc667aef29)
Conflicts:
CHANGES
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -4,6 +4,15 @@ Changes between 1.0.1f and 1.0.1g [xx XXX xxxx] + *) Fix for the attack described in the paper "Recovering OpenSSL + ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" + by Yuval Yarom and Naomi Benger. Details can be obtained from: + http://eprint.iacr.org/2014/140 + + Thanks to Yuval Yarom and Naomi Benger for discovering this + flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) + [Yuval Yarom and Naomi Benger] + *) TLS pad extension: draft-agl-tls-padding-02 Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the |
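Review bot: the added CHANGES entry names the paper and the CVE but never says which part of the library was changed or what the change is, so anyone reading CHANGES has to follow the eprint link to learn what the fix covers. Add one sentence stating the affected operation and the nature of the change. Separately, "(CVE-2014-0076)" is tacked onto the end of the thanks sentence with no closing period; putting the identifier in the first sentence of the entry, as the commit subject does, would make it easier to find when searching CHANGES. The trailer "[Yuval Yarom and Naomi Benger]" credits both names, while the sentence above it credits only Yuval Yarom with supplying the fix; make the two consistent.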