FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openssl -- timing attack vulnerability

Affected packages
openssl < 1.0.2
libressl < 2.4.4_1
libressl-devel < 2.5.0_1

Details

VuXML ID 7caebe30-d7f1-11e6-a9a5-b499baebfeaf
Discovery 2017-01-10
Entry 2017-01-11
Modified 2017-01-11

Cesar Pereida Garcia reports:

The signing function in crypto/ecdsa/ecdsa_ossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized elliptic curve P-256 despite featuring constant-time curve operations and modular inversion. A software defect omits setting the BN_FLG_CONSTTIME flag for nonces, failing to take a secure code path in the BN_mod_inverse method and therefore resulting in a cache-timing attack vulnerability.
A malicious user with local access can recover ECDSA P-256 private keys.
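The defect described above is a classic constant-time failure: the nonce inversion in ECDSA signing took a code path whose work depends on the secret nonce. The following Python model is an added illustration, not OpenSSL's or LibreSSL's code: it contrasts an extended-Euclid inversion (loop count and quotients depend on the operand, the kind of path BN_mod_inverse falls into without BN_FLG_CONSTTIME) with a fixed-structure Fermat inversion whose operation sequence is independent of the secret base. The operation counts stand in for the timing footprint an observer could measure; the fixed-structure routine illustrates the property the flag is meant to guarantee, it is not a description of libcrypto's internal constant-time path. The group order is the standard P-256 value; the nonces and the `ecdsa_s` helper are constructed for the example.

```python
# Added example (not OpenSSL's code): models why the nonce inversion in
# ECDSA signing must not take a data-dependent code path. Python big ints
# are NOT constant time themselves; the returned operation counts stand in
# for the cache/timing footprint an observer could measure.

# Order n of the P-256 group (FIPS 186-4); the ECDSA nonce is inverted mod n.
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def inv_variable_time(a, m):
    """Extended Euclid: the loop count and the quotients depend on `a`.

    When `a` is the ECDSA nonce k, that dependence is what a cache-timing
    observer picks up. Returns (inverse, number of loop iterations).
    """
    r0, r1 = m, a % m
    s0, s1 = 0, 1
    steps = 0
    while r1 != 0:
        q = r0 // r1          # data-dependent division and branch
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
        steps += 1
    if r0 != 1:
        raise ValueError("not invertible")
    return s0 % m, steps


def inv_fixed_structure(a, m):
    """Fermat inversion a^(m-2) mod m (m prime) via a Montgomery ladder.

    Every exponent bit costs exactly one multiplication and one squaring,
    so the operation sequence does not depend on the secret base `a`;
    the only branch is on a bit of the PUBLIC exponent m-2.
    Returns (inverse, number of modular operations).
    """
    if a % m == 0:
        raise ValueError("not invertible")
    e = m - 2
    r0, r1 = 1, a % m
    ops = 0
    for i in range(e.bit_length() - 1, -1, -1):
        if (e >> i) & 1:
            r0, r1 = (r0 * r1) % m, (r1 * r1) % m
        else:
            r0, r1 = (r0 * r0) % m, (r0 * r1) % m
        ops += 2
    return r0, ops


def leak_profile(inverter, nonces, m):
    """Operation count per nonce; a nonce-dependent profile is the leak."""
    return [inverter(k, m)[1] for k in nonces]


def ecdsa_s(k, h, r, d, n, inverter):
    """Second ECDSA signature component s = k^-1 * (h + r*d) mod n.

    Hypothetical helper: `r` would be the x-coordinate of k*G mod n; only
    the scalar arithmetic around the nonce inversion is modelled here.
    """
    k_inv, _ = inverter(k, n)
    return (k_inv * (h + r * d)) % n


if __name__ == "__main__":
    # Constructed nonces: tiny ones, the largest valid one, an arbitrary one.
    nonces = [1, 2, 3, P256_ORDER - 1, (0xC0FFEE << 200) | 0xBADC0DE]
    print("variable-time steps:", leak_profile(inv_variable_time, nonces, P256_ORDER))
    print("fixed-structure ops:", leak_profile(inv_fixed_structure, nonces, P256_ORDER))
    for k in nonces:
        inv_v, _ = inv_variable_time(k, P256_ORDER)
        inv_f, _ = inv_fixed_structure(k, P256_ORDER)
        assert inv_v == inv_f and (k * inv_v) % P256_ORDER == 1
```

Running it shows the variable-time step counts differing from nonce to nonce while the fixed-structure count is the same for every input, which is the observable property a reviewer should look for (and measure, with a real timing harness) in any code that inverts a nonce or private scalar.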

References

CVE Name CVE-2016-7056
URL http://seclists.org/oss-sec/2017/q1/52