From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 15 Jan 2025 17:29:52 +0000 (+0100)
Subject: Add CHANGES.md and NEWS.md updates for CVE-2024-13176
X-Git-Tag: openssl-3.4.1~27
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3fc4b112da2e2107a65ae2556fb6137098e08801;p=thirdparty%2Fopenssl.git

Add CHANGES.md and NEWS.md updates for CVE-2024-13176

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26429)

(cherry picked from commit c3144e102571517df6c15ccc049fa3660ab3cb0a)
---

diff --git a/CHANGES.md b/CHANGES.md
index 3e820ba1ca6..9d1843dcf8b 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -29,6 +29,19 @@ OpenSSL 3.4
 
 ### Changes between 3.4.0 and 3.4.1 [xx XXX xxxx]
 
+ * Fixed timing side-channel in ECDSA signature computation.
+
+   There is a timing signal of around 300 nanoseconds when the top word of
+   the inverted ECDSA nonce value is zero. This can happen with significant
+   probability only for some of the supported elliptic curves. In particular
+   the NIST P-521 curve is affected. To be able to measure this leak, the
+   attacker process must either be located in the same physical computer or
+   must have a very fast network connection with low latency.
+
+   ([CVE-2024-13176])
+
+   *TomÃ¡Å¡ MrÃ¡z*
+
  * Reverted the behavior change of CMS_get1_certs() and CMS_get1_crls()
    that happened in the 3.4.0 release. These functions now return NULL
    again if there are no certs or crls in the CMS object.
@@ -20887,6 +20900,7 @@ ndif
 
 <!-- Links -->
 
+[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
 [CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
diff --git a/NEWS.md b/NEWS.md
index bca2629077c..6f38b397c70 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -24,7 +24,12 @@ OpenSSL 3.4
 
 ### Major changes between OpenSSL 3.4.0 and OpenSSL 3.4.1 [under development]
 
-  * none
+This release is in development.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * Fixed timing side-channel in ECDSA signature computation.
+    ([CVE-2024-13176])
 
 ### Major changes between OpenSSL 3.3 and OpenSSL 3.4.0 [22 Oct 2024]
 
@@ -1823,6 +1828,7 @@ OpenSSL 0.9.x
 
 <!-- Links -->
 
+[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
 [CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535