| 1.1.1.1 |
| 16-Apr-2025 |
christos | branches: 1.1.1.1.4;
Import openssl 3.0.16 (previous was 3.0.15)
### Changes between 3.0.15 and 3.0.16 [11 Feb 2025]
* Fixed timing side-channel in ECDSA signature computation.
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In particular
the NIST P-521 curve is affected. To be able to measure this leak, the
attacker process must either be located in the same physical computer or
must have a very fast network connection with low latency.
([CVE-2024-13176])
*Tom\xc3\xa1\xc5\xa1 Mr\xc3\xa1z*
* Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
curve parameters.
Use of the low-level GF(2^m) elliptic curve APIs with untrusted
explicit values for the field polynomial can lead to out-of-bounds memory
reads or writes.
Applications working with "exotic" explicit binary (GF(2^m)) curve
parameters, that make it possible to represent invalid field polynomials
with a zero constant term, via the above or similar APIs, may terminate
abruptly as a result of reading or writing outside of array bounds. Remote
code execution cannot easily be ruled out.
([CVE-2024-9143])
*Viktor Dukhovni*
|
