Fix the ECDSA timing attack mentioned in the paper at:

http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention.
author: Dr. Stephen Henson <steve@openssl.org> 2011-05-25 14:41:56 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-05-25 14:41:56 +0000
commit: 992bdde62d2eea57bb85935a0c1a0ef0ca59b3da (patch)
tree: 3833d8b6feee3840da25922b816694449be5fbe0 /CHANGES
parent: bbcf3a9b300bc8109bb306a53f6f3445ba02e8e9 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 22749650b7..1633d27975 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Add protection against ECDSA timing attacks as mentioned in the paper
+     by Billy Bob Brumley and Nicola Tuveri, see:
+
+	http://eprint.iacr.org/2011/232.pdf
+
+     [Billy Bob Brumley and Nicola Tuveri]
+
   *) Add TLS v1.2 server support for client authentication. 
      [Steve Henson]
author	Dr. Stephen Henson <steve@openssl.org>	2011-05-25 14:41:56 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-05-25 14:41:56 +0000
commit	992bdde62d2eea57bb85935a0c1a0ef0ca59b3da (patch)
tree	3833d8b6feee3840da25922b816694449be5fbe0 /CHANGES
parent	bbcf3a9b300bc8109bb306a53f6f3445ba02e8e9 (diff)