Fix the ECDSA timing attack mentioned in the paper at:

http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention.
author: steve <steve> 2011-05-25 14:41:56 +0000
committer: steve <steve> 2011-05-25 14:41:56 +0000
commit: 4c359417c2c6bbf60e3e2b68477676146cf50651 (patch)
tree: b1fad81853c89448c22c09aa120d3d51b162a0eb /CHANGES
parent: d1d42dbb498e0b3a1f94614d806ab1dca65ccb56 (diff)
download: openssl-4c359417c2c6bbf60e3e2b68477676146cf50651.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 22749650b..1633d2797 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Add protection against ECDSA timing attacks as mentioned in the paper
+     by Billy Bob Brumley and Nicola Tuveri, see:
+
+	http://eprint.iacr.org/2011/232.pdf
+
+     [Billy Bob Brumley and Nicola Tuveri]
+
   *) Add TLS v1.2 server support for client authentication. 
      [Steve Henson]
author	steve <steve>	2011-05-25 14:41:56 +0000
committer	steve <steve>	2011-05-25 14:41:56 +0000
commit	4c359417c2c6bbf60e3e2b68477676146cf50651 (patch)
tree	b1fad81853c89448c22c09aa120d3d51b162a0eb /CHANGES
parent	d1d42dbb498e0b3a1f94614d806ab1dca65ccb56 (diff)
download	openssl-4c359417c2c6bbf60e3e2b68477676146cf50651.tar.gz