Bug 709021 (CVE-2011-1945) - CVE-2011-1945 openssl: ECDSA private key leak through a remote timing attack
Summary: CVE-2011-1945 openssl: ECDSA private key leak through a remote timing attack
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2011-1945
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-05-30 12:21 UTC by Tomas Hoger
Modified: 2023-05-11 17:30 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-30 12:23:13 UTC
Embargoed:
Description Tomas Hoger 2011-05-30 12:21:21 UTC
Billy Bob Brumley and Nicola Tuveri discovered an attack against OpenSSL's implementation of the ECDSA signature algorithm.  They succeeded in remotely obtaining a private key of a TLS server using ECDSA.  The details can be found in their paper "Remote Timing Attacks are Still Practical":

http://eprint.iacr.org/2011/232
http://eprint.iacr.org/2011/232.pdf

http://www.kb.cert.org/vuls/id/536044

A fix based on the one proposed by the paper authors was committed to upstream CVS:
http://cvs.openssl.org/chngview?cn=20892

However, there have been some concerns raised about the reversed #ifdef / #ifndef:
http://marc.info/?l=openssl-dev&m=130650560927163&w=2

Acknowledgement:

Red Hat would like to thank the CERT/CC for reporting this issue. The CERT/CC acknowledges Billy Bob Brumley and Nicola Tuveri as the original reporters.

Comment 1 Tomas Hoger 2011-05-30 12:23:13 UTC
Statement:

Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6, as they do not include support for elliptic curve cryptography.

Comment 2 Vincent Danen 2011-05-31 21:40:31 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1945 to the following vulnerability:

Name: CVE-2011-1945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1945
Assigned: 20110509
Reference: http://eprint.iacr.org/2011/232.pdf
Reference: http://www.kb.cert.org/vuls/id/MAPG-8FENZ3
Reference: CERT-VN:VU#536044
Reference: http://www.kb.cert.org/vuls/id/536044

The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
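The root cause behind the timing signal described above is a scalar multiplication whose running time depends on the bit length of the ECDSA nonce. The following toy model is an added illustration and is not code from this bug, from OpenSSL, or from the paper: it runs a Montgomery ladder on a small textbook curve over a prime field (y^2 = x^3 + 2x + 2 over F_17, generator (5, 1)), not on the binary-field curves the advisory concerns, and counts group operations instead of measuring wall-clock time. The leaky variant starts the ladder at the nonce's own top bit, so the operation count reveals the nonce's bit length; the hardened variant pads the scalar with the group order so every multiplication processes a fixed number of bits, which is the general shape of the scalar-padding countermeasure the paper authors proposed. Function names, the curve, and the padding helper are assumptions made for this example.

```python
# Toy demonstration of the ECDSA nonce bit-length leak in a Montgomery ladder
# and the fixed-length scalar padding countermeasure. The curve, generator and
# helper names are constructed for illustration only; this is not OpenSSL code
# and the curve is over a prime field, not a binary field.

P_MOD = 17          # field prime of the toy curve
A, B = 2, 2         # curve: y^2 = x^3 + A*x + B over F_17
G = (5, 1)          # generator point (textbook example, order 19)
INF = None          # point at infinity


def add(P, Q):
    """Affine point addition (doubling when P == Q) on the toy curve."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                       # P == -Q
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def group_order(P):
    """Order of P, found by repeated addition (fine for a toy curve)."""
    n, Q = 1, P
    while Q is not INF:
        Q = add(Q, P)
        n += 1
    return n


N = group_order(G)  # group order used as the ECDSA modulus (19 here)


def naive_mul(k, P=G):
    """Reference k*P by repeated addition, used only to check the ladders."""
    R = INF
    for _ in range(k):
        R = add(R, P)
    return R


def ladder(k, P, nbits):
    """Montgomery ladder over exactly `nbits` bits of k, MSB first.
    Returns (k*P, number of group operations), so the caller can see how
    the amount of work depends on the number of bits processed."""
    R0, R1, ops = INF, P, 0
    for i in range(nbits - 1, -1, -1):
        if (k >> i) & 1:
            R0, R1 = add(R0, R1), add(R1, R1)
        else:
            R1, R0 = add(R0, R1), add(R0, R0)
        ops += 2
    return R0, ops


def leaky_mul(k, P=G):
    """Leaky variant: the loop starts at the scalar's own top bit, so the
    operation count (and hence the timing) reveals bit_length(k)."""
    return ladder(k, P, k.bit_length())


def pad_scalar(k, n):
    """Add the group order once or twice so the scalar always has exactly
    bit_length(n) + 1 bits. k' = k mod n, so k'*P == k*P."""
    k2 = k + n
    if k2.bit_length() <= n.bit_length():
        k2 += n
    return k2


def padded_mul(k, P=G, n=N):
    """Hardened variant: every call processes bit_length(n) + 1 bits,
    regardless of the nonce, so the operation count is constant."""
    return ladder(pad_scalar(k, n), P, n.bit_length() + 1)


def op_counts(mul, n=N):
    """Set of distinct operation counts observed over all nonces in [1, n-1]."""
    return sorted({mul(k)[1] for k in range(1, n)})


if __name__ == "__main__":
    print("group order:", N)
    print("leaky ladder op counts :", op_counts(leaky_mul))   # varies with nonce
    print("padded ladder op counts:", op_counts(padded_mul))  # single value
```

On this toy curve the leaky ladder performs 2, 4, 6, 8 or 10 operations depending on the nonce, while the padded ladder always performs 12 and still returns the same point. In a real implementation the equivalent check is to confirm that the signing path's running time does not vary with the nonce's bit length, which is exactly the property the upstream fix aimed to restore.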