author Dr. Stephen Henson <steve@openssl.org> 2014-03-12 14:16:19 +0000
committer Dr. Stephen Henson <steve@openssl.org> 2014-03-12 14:29:43 +0000
commit f9b6c0ba4c02497782f801e3c45688f3efaac55c (patch)
tree e6fe7fd8427a6f1c8067ad5e5159109e30c137c5 /CHANGES
parent a029788b0e0c19cee4007cc1f73201cf2c13addf (diff)
Fix for CVE-2014-0076

Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483259de374f91e57d247d0fc667aef29)

Conflicts:
CHANGES

Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 9
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 797c02118c..1b10b774a9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@
Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
+ *) Fix for the attack described in the paper "Recovering OpenSSL
+ ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+ by Yuval Yarom and Naomi Benger. Details can be obtained from:
+ http://eprint.iacr.org/2014/140
+
+ Thanks to Yuval Yarom and Naomi Benger for discovering this
+ flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+ [Yuval Yarom and Naomi Benger]
+
*) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file():
this fixes a limiation in previous versions of OpenSSL.
[Steve Henson]
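Review bot: The new entry identifies the problem only by the paper's title and URL and never says what in the library was changed or who is affected, so a reader scanning CHANGES to decide whether to upgrade has to fetch the paper first. Consider adding one sentence naming the affected operation (the title points at ECDSA nonces during signing) and the nature of the fix, and moving the identifier to the front of the entry, for example "Fix for CVE-2014-0076: ...", so it is easy to grep for. As written, "(CVE-2014-0076)" trails the thanks sentence with no closing period, which makes it read as part of the acknowledgement rather than as the label for the whole entry.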