OpenSSL Security Advisory [20th January 2025] ============================================= Timing side-channel in ECDSA signature computation (CVE-2024-13176) =================================================================== Severity: Low Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue. OpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. OpenSSL 3.4 users should upgrade to OpenSSL 3.4.1 once it is released. OpenSSL 3.3 users should upgrade to OpenSSL 3.3.3 once it is released. OpenSSL 3.2 users should upgrade to OpenSSL 3.2.4 once it is released. OpenSSL 3.1 users should upgrade to OpenSSL 3.1.8 once it is released. OpenSSL 3.0 users should upgrade to OpenSSL 3.0.16 once it is released. OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1zb once it is released (premium support customers only). OpenSSL 1.0.2 users should upgrade to OpenSSL 1.0.2zl once it is released (premium support customers only). Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next release of each branch, once it becomes available. The fix is also available in commit 77c608f4 (for 3.4), commit 392dcb33 (for 3.3), commit 4b1cb94 (for 3.2), commit 2af62e74 (for 3.1) and commit 07272b05 (for 3.0) in the OpenSSL git repository. It is available to premium support customers in commit a2639000 (for 1.1.1) and in commit 0d5fd1ab (for 1.0.2). This issue was reported on 4th September 2024 by George Pantelakis and Alicja Kario (Red Hat). The fix was developed by Tomas Mraz. General Advisory Notes ====================== URL for this Security Advisory: https://openssl-library.org/news/secadv/20250120.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://openssl-library.org/policies/general/security-policy/ -- You received this message because you are subscribed to the Google Groups "openssl-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx. To view this discussion visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/17f05cfa98010a6bd034d0ee50d3fd8a6106ce9d.camel%40openssl.org.
Attachment:
signature.asc
Description: This is a digitally signed message part
