### Changes between 3.0.15 and 3.0.16 [xx XXX xxxx]
+ * Fixed timing side-channel in ECDSA signature computation.
+
+ There is a timing signal of around 300 nanoseconds when the top word of
+ the inverted ECDSA nonce value is zero. This can happen with significant
+ probability only for some of the supported elliptic curves. In particular
+ the NIST P-521 curve is affected. To be able to measure this leak, the
+ attacker process must either be located in the same physical computer or
+ must have a very fast network connection with low latency.
+
+ ([CVE-2024-13176])
+
+ *Tomáš Mráz*
+
* Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
curve parameters.
<!-- Links -->
+[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
This release incorporates the following bug fixes and mitigations:
+ * Fixed timing side-channel in ECDSA signature computation.
+ ([CVE-2024-13176])
+
* Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
curve parameters.
([CVE-2024-9143])
<!-- Links -->
+[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
projects / thirdparty / openssl.git / commitdiff
