path: root/CHANGES
author: Billy Brumley <bbrumley@gmail.com> 2018-11-08 13:57:54 +0200
committer: Nicola Tuveri <nic.tuv@gmail.com> 2018-11-12 16:00:30 +0200
commit: b18162a7c9bbfb57112459a4d6631fa258fd8c0c (patch)
tree: 6a39f2a44e1e3a40406ba254a1715f7f6f3d52f4 /CHANGES
parent: 59b9c67fcaf1c1e2c0e30de6facca85910ac361a (diff)
CVE-2018-5407 fix: ECC ladder
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7593)
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 13
1 files changed, 13 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index b574074728..fde66b5ba4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,19 @@
Changes between 1.0.2p and 1.0.2q [xx XXX xxxx]
+ *) Microarchitecture timing vulnerability in ECC scalar multiplication
+
+ OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been
+ shown to be vulnerable to a microarchitecture timing side channel attack.
+ An attacker with sufficient access to mount local timing attacks during
+ ECDSA signature generation could recover the private key.
+
+ This issue was reported to OpenSSL on 26th October 2018 by Alejandro
+ Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and
+ Nicola Tuveri.
+ (CVE-2018-5407)
+ [Billy Brumley]
+
*) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object
Module, accidentally introduced while backporting security fixes from the
development branch and hindering the use of ECC in FIPS mode.
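Review bot: The new CHANGES entry describes the vulnerability but says nothing about what was changed to fix it, even though the commit title is "CVE-2018-5407 fix: ECC ladder". A release-notes reader cannot tell from this text which code path was hardened or what behaviour to expect after upgrading; consider adding one sentence after "could recover the private key." that names the remediation (that EC scalar multiplication now uses a ladder), so the entry stands on its own without the commit. The "[xx XXX xxxx]" release date in the unchanged context line is a placeholder that will need filling before 1.0.2q is tagged, but that is outside this hunk.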