From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 15 Jan 2025 17:29:52 +0000 (+0100)
Subject: Add CHANGES.md and NEWS.md updates for CVE-2024-13176
X-Git-Tag: openssl-3.3.3~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fcebf0a79a0a69f63721b66e94b01400a7de332e;p=thirdparty%2Fopenssl.git

Add CHANGES.md and NEWS.md updates for CVE-2024-13176

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26429)

(cherry picked from commit c3144e102571517df6c15ccc049fa3660ab3cb0a)
---

diff --git a/CHANGES.md b/CHANGES.md
index 183b216a1ee..3c12059d825 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -28,6 +28,19 @@ OpenSSL 3.3
 
 ### Changes between 3.3.2 and 3.3.3 [xx XXX xxxx]
 
+ * Fixed timing side-channel in ECDSA signature computation.
+
+   There is a timing signal of around 300 nanoseconds when the top word of
+   the inverted ECDSA nonce value is zero. This can happen with significant
+   probability only for some of the supported elliptic curves. In particular
+   the NIST P-521 curve is affected. To be able to measure this leak, the
+   attacker process must either be located in the same physical computer or
+   must have a very fast network connection with low latency.
+
+   ([CVE-2024-13176])
+
+   *TomÃ¡Å¡ MrÃ¡z*
+
  * Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
    curve parameters.
 
@@ -20703,6 +20716,7 @@ ndif
 
 <!-- Links -->
 
+[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
 [CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
diff --git a/NEWS.md b/NEWS.md
index 49524a4e02d..4e6a796ddd2 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -28,6 +28,9 @@ release is Low.
 
 This release incorporates the following bug fixes and mitigations:
 
+  * Fixed timing side-channel in ECDSA signature computation.
+    ([CVE-2024-13176])
+
   * Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
     curve parameters.
     ([CVE-2024-9143])
@@ -1753,6 +1756,7 @@ OpenSSL 0.9.x
 
 <!-- Links -->
 
+[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
 [CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535