projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Version changes where needed.
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index 54df5583526004c4fcf3fd9dd6e2c8bc3086ffa2..9711d56436d445fd62f65ff7a8dfb59201edcde5 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.8 and 0.9.9  [xx XXX xxxx]
+
+  *) 
+
  Changes between 0.9.7h and 0.9.8  [xx XXX xxxx]
 
   *) Add attribute functions to EVP_PKEY structure. Modify
@@ -800,10 +804,10 @@
  Changes between 0.9.7g and 0.9.7h  [XX xxx XXXX]
 
   *) Make a new fixed-window mod_exp implementation the default for
-     RSA, DSA, and DH private-key operations to mitigate the
-     hyper-threading timing attacks pointed out by Colin Percival
-     (http://www.daemonology.net/hyperthreading-considered-harmful/),
-     and potential related attacks.
+     RSA, DSA, and DH private-key operations so that the sequence of
+     squares and multiplies and the memory access pattern are
+     independent of the particular secret key.  This will mitigate
+     cache-timing and potential related attacks.
 
      BN_mod_exp_mont_consttime() is the new exponentiation implementation,
      and this is automatically used by BN_mod_exp_mont() if the new flag
Unnamed repository; edit this file 'description' to name the repository.