Fix for CVE-2014-0076

Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix.
author: Dr. Stephen Henson <steve@openssl.org> 2014-03-12 14:16:19 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-03-12 14:16:19 +0000
commit: 2198be3483259de374f91e57d247d0fc667aef29 (patch)
tree: 4f90995bbbd9f9a676314b1c35b4f8f72084dad9 /CHANGES
parent: 6fe498497c38378df332e7938ebcc60686de4c91 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index 4bf93e1998..edea4a10b6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,14 @@
 
  Changes between 1.0.0l and 1.0.0m [xx XXX xxxx]
 
-  *)
+  *) Fix for the attack described in the paper "Recovering OpenSSL
+     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+     by Yuval Yarom and Naomi Benger. Details can be obtained from:
+     http://eprint.iacr.org/2014/140
+
+     Thanks to Yuval Yarom and Naomi Benger for discovering this
+     flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+     [Yuval Yarom and Naomi Benger]
 
  Changes between 1.0.0k and 1.0.0l [6 Jan 2014]
author	Dr. Stephen Henson <steve@openssl.org>	2014-03-12 14:16:19 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-03-12 14:16:19 +0000
commit	2198be3483259de374f91e57d247d0fc667aef29 (patch)
tree	4f90995bbbd9f9a676314b1c35b4f8f72084dad9 /CHANGES
parent	6fe498497c38378df332e7938ebcc60686de4c91 (diff)