CVE-2019-1547

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.2 through 1.0.2s OpenSSL versions 1.1.0 through 1.1.0k OpenSSL versions 1.1.1 through 1.1.1c

Description The issue is related to the absence of encryption measures in the ec err.c and ec lib.c functions of the OpenSSL library. Normally, OpenSSL EC groups have a co-factor present, which is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of a named curve, which may not have the co-factor present. This can occur even when all parameters match a known named curve. If such a curve is used, OpenSSL falls back to non-side channel resistant code paths, which may result in full key recovery during an ECDSA signature operation. An attacker would need to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto.

Recommendations For OpenSSL versions 1.0.2 through 1.0.2s, update to version 1.0.2t. For OpenSSL versions 1.1.0 through 1.1.0k, update to version 1.1.0l. For OpenSSL versions 1.1.1 through 1.1.1c, update to version 1.1.1d.