### Changes between 3.4.0 and 3.4.1 [xx XXX xxxx]
+ * Fixed timing side-channel in ECDSA signature computation.
+
+ There is a timing signal of around 300 nanoseconds when the top word of
+ the inverted ECDSA nonce value is zero. This can happen with significant
+ probability only for some of the supported elliptic curves. In particular
+ the NIST P-521 curve is affected. To be able to measure this leak, the
+ attacker process must either be located in the same physical computer or
+ must have a very fast network connection with low latency.
+
+ ([CVE-2024-13176])
+
+ *Tomáš Mráz*
+
* Reverted the behavior change of CMS_get1_certs() and CMS_get1_crls()
that happened in the 3.4.0 release. These functions now return NULL
again if there are no certs or crls in the CMS object.
<!-- Links -->
+[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
### Major changes between OpenSSL 3.4.0 and OpenSSL 3.4.1 [under development]
- * none
+This release is in development.
+
+This release incorporates the following bug fixes and mitigations:
+
+ * Fixed timing side-channel in ECDSA signature computation.
+ ([CVE-2024-13176])
### Major changes between OpenSSL 3.3 and OpenSSL 3.4.0 [22 Oct 2024]
<!-- Links -->
+[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
projects / thirdparty / openssl.git / commitdiff
