This repository contains the attack code to exploit small side-channel leakage from OpenSSL ECDSA nonces in versions 1.0.2 and 1.1.0, as well as our constant-time patch for scalar multiplication. The attacks were made possible with the Flush+Reload cache attack technique. See our manuscript for more details.