Add CHANGES.md and NEWS.md updates for CVE-2024-13176

Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from openssl#26429) (cherry picked from commit c3144e1)
bernd-edlinger · Feb 7, 2025 · 0966486 · 0966486
1 parent 27307f9
commit 0966486
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/CHANGES b/CHANGES
@@ -9,6 +9,18 @@
 
  Changes between 1.1.1w and 1.1.1x [xx XXX xxxx]
 
+ *) Fixed timing side-channel in ECDSA signature computation.
+
+    There is a timing signal of around 300 nanoseconds when the top word of
+    the inverted ECDSA nonce value is zero. This can happen with significant
+    probability only for some of the supported elliptic curves. In particular
+    the NIST P-521 curve is affected. To be able to measure this leak, the
+    attacker process must either be located in the same physical computer or
+    must have a very fast network connection with low latency.
+
+    (CVE-2024-13176)
+    [Tomáš Mráz]
+
  *) Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
     curve parameters.
 

diff --git a/NEWS b/NEWS
@@ -7,6 +7,8 @@
 
   Major changes between OpenSSL 1.1.1w and OpenSSL 1.1.1x [under development]
 
+      o Fixed timing side-channel in ECDSA signature computation.
+        (CVE-2024-13176)
       o Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
         curve parameters.
         (CVE-2024-9143)