Fix for CVE-2014-0076 backported to 0.9.8 branch

Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. Thanks for mancha for backporting the fix to OpenSSL 0.9.8 branch.
author: mancha <mancha1@hush.com> 2014-03-27 00:55:08 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-03-27 00:55:08 +0000
commit: fff69a7d8c38b5a391e7d71b0b51999003dd1e8f (patch)
tree: 39cb0a786f6c9f707562d39585b142af1364de18 /CHANGES
parent: a375025e4dd58a05e926a5384774a85671695dd9 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 6a305e14ef..27c65984c1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,17 @@
 
  Changes between 0.9.8y and 0.9.8za [xx XXX xxxx]
 
+  *) Fix for the attack described in the paper "Recovering OpenSSL
+     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+     by Yuval Yarom and Naomi Benger. Details can be obtained from:
+     http://eprint.iacr.org/2014/140
+
+     Thanks to Yuval Yarom and Naomi Benger for discovering this
+     flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+     [Yuval Yarom and Naomi Benger]
+
+     Thanks to mancha for backporting the fix to the 0.9.8 branch.
+
   *) Fix handling of warning-level alerts in SSL23 client mode so they
      don't cause client-side termination (eg. on SNI unrecognized_name
      warnings). Add client and server support for six additional alerts
author	mancha <mancha1@hush.com>	2014-03-27 00:55:08 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-03-27 00:55:08 +0000
commit	fff69a7d8c38b5a391e7d71b0b51999003dd1e8f (patch)
tree	39cb0a786f6c9f707562d39585b142af1364de18 /CHANGES
parent	a375025e4dd58a05e926a5384774a85671695dd9 (diff)