PT-2019-13454 · Wolfssl · Wolfssl+1

Keegan Ryan · Published 2019-10-03 · Updated 2022-05-24 · CVE-2019-13628

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

wolfSSL and wolfCrypt versions 4.0.0 and earlier

Description

The issue is a timing side channel in ECDSA signature generation that allows a local attacker to infer information about the nonces used and potentially recover the private key. The scalar multiplication in ecc.c may leak the bit length of the nonce: a nonce whose leading bits are zero is processed in measurably fewer steps, so an attacker who times the operation learns that those top bits are zero. Collecting many signatures whose nonces are known to be short turns private-key recovery into a hidden-number problem that is solved with a lattice attack. The attacker must be able to measure the duration of signature operations precisely, which is why the vector is local (AV:L) with high attack complexity (AC:H).

Recommendations

Upgrade to a version later than 4.0.0. Where that is not yet possible, builds of wolfSSL and wolfCrypt 4.0.0 and earlier configured with --enable-fpecc, --enable-sp, or --enable-sp-math use a different scalar-multiplication code path and are not affected by this leak. As a temporary workaround, restrict which local users and processes can trigger ECDSA signing with the affected private key, since the attacker must run on the same host and time the signing operations.
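The following is an added example written for this page, not code from wolfSSL or from the advisory. It models the leak in a toy ECDSA signer: one scalar multiplication loops once per bit of the nonce, so its loop count (used here as a deterministic stand-in for execution time) equals the nonce's bit length, while a fixed-iteration Montgomery ladder beside it always runs the same number of steps. An attacker-side helper then selects the signatures whose "timing" proves the top bits of the nonce are zero, which are exactly the inputs a hidden-number-problem lattice consumes (the lattice step itself is not included). Assumptions: the curve is secp256k1 (the advisory names no curve), Python 3.8+ for `pow(x, -1, m)`, and every function name (`mul_leaky`, `mul_ladder`, `select_short_nonces`, `run_demo`) is hypothetical.

```python
"""Toy model of a nonce-bit-length timing leak in ECDSA (added example).

Not wolfSSL code. The "timing" observable is a loop counter, not wall-clock
time, so the demo is deterministic. Curve: secp256k1 (standard parameters,
an assumption of this example). Requires Python 3.8+ for pow(x, -1, m).
"""
import hashlib
import random

P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def ec_add(p1, p2):
    """Affine point addition/doubling on y^2 = x^3 + 7 (a = 0)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul_leaky(k, pt):
    """Double-and-add that starts at k's top set bit: the loop runs exactly
    k.bit_length() times, so its duration tells a local observer how many
    leading bits of the nonce are zero (the behaviour the advisory describes)."""
    acc = INF
    iterations = 0
    for i in range(k.bit_length() - 1, -1, -1):
        acc = ec_add(acc, acc)
        if (k >> i) & 1:
            acc = ec_add(acc, pt)
        iterations += 1
    return acc, iterations


def mul_ladder(k, pt):
    """Montgomery ladder over all N.bit_length() bit positions: the iteration
    count no longer depends on k. (A production version also needs a
    branch-free conditional swap in place of the if/else below.)"""
    r0, r1 = INF, pt  # invariant: r1 == r0 + pt
    iterations = 0
    for i in range(N.bit_length() - 1, -1, -1):
        if (k >> i) & 1:
            r0, r1 = ec_add(r0, r1), ec_add(r1, r1)
        else:
            r0, r1 = ec_add(r0, r0), ec_add(r0, r1)
        iterations += 1
    return r0, iterations


def msg_hash(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k, mul):
    """ECDSA signature plus the loop count, so the caller can play the local
    attacker who times the signing operation."""
    (x, _), iterations = mul(k, G)
    r = x % N
    s = pow(k, -1, N) * (msg_hash(msg) + r * d) % N
    return (r, s), iterations


def verify(pub, msg, sig):
    r, s = sig
    w = pow(s, -1, N)
    a, _ = mul_ladder(msg_hash(msg) * w % N, G)
    b, _ = mul_ladder(r * w % N, pub)
    pt = ec_add(a, b)
    return pt is not INF and pt[0] % N == r


def collect(d, count, mul, rng):
    """Attacker's view of `count` signing operations: signature plus observed
    loop count. The true nonce is kept only so the demo can check the inference."""
    obs = []
    for i in range(count):
        msg = b"constructed message %d" % i  # constructed sample input
        k = rng.randrange(1, N)
        sig, t = sign(d, msg, k, mul)
        obs.append({"msg": msg, "sig": sig, "timing": t, "k": k})
    return obs


def select_short_nonces(obs, leaked_bits):
    """Keep signatures whose timing shows k < 2**(N.bit_length() - leaked_bits).
    Each one yields a hidden-number-problem inequality; the lattice step (not
    shown) needs on the order of N.bit_length() / leaked_bits of them."""
    threshold = N.bit_length() - leaked_bits
    return [o for o in obs if o["timing"] <= threshold]


def run_demo(count=40, leaked_bits=3, seed=7):
    rng = random.Random(seed)
    d = rng.randrange(1, N)
    pub, _ = mul_ladder(d, G)
    leaky = collect(d, count, mul_leaky, rng)
    fixed = collect(d, count, mul_ladder, rng)
    short = select_short_nonces(leaky, leaked_bits)
    bound = 2 ** (N.bit_length() - leaked_bits)
    return {
        "leaky_timings": sorted({o["timing"] for o in leaky}),
        "fixed_timings": sorted({o["timing"] for o in fixed}),
        "leak_exact": all(o["timing"] == o["k"].bit_length() for o in leaky),
        "short_nonces_correct": all(o["k"] < bound for o in short),
        "n_short": len(short),
        "valid": all(verify(pub, o["msg"], o["sig"]) for o in leaky[:3] + fixed[:3]),
    }


if __name__ == "__main__":
    res = run_demo()
    print("leaky loop counts seen:", res["leaky_timings"])
    print("ladder loop counts seen:", res["fixed_timings"])
    print("signatures whose top nonce bits are known to be zero:", res["n_short"])
```

Running the module shows a spread of loop counts for the leaky routine (each equal to the nonce's bit length) against a single value for the ladder. In the real attack the observable is elapsed time rather than a counter, so the measurement is noisy and many more samples are needed, but the selection logic is the same: keep the signatures that ran fastest, treat their nonces as bounded, and hand the resulting inequalities to a lattice solver.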

Weakness Enumeration

Side Channel Attack

Related identifiers

CVE-2019-13628
GHSA-Q95H-VC86-HV77

Affected products

Wolfcrypt
Wolfssl