Merge pull request #194 from s3krit/libsecp256k1-timing

Flaw in Scalar::check_overflow allows side-channel timing attack
2025-12-30 00:03:57 +01:00 · 2019-10-14 08:22:15 -07:00
parent 8b3a5661db 0af6c80758
commit 2ea335249f
1 changed files with 18 additions and 0 deletions
--- a/crates/libsecp256k1/RUSTSEC-0000-0000.toml
+++ b/crates/libsecp256k1/RUSTSEC-0000-0000.toml
@@ -0,0 +1,18 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "libsecp256k1"
+date = "2019-10-14"
+title = "Flaw in Scalar::check_overflow allows side-channel timing attack"
+description = """
+Versions of `libsecp256k1` prior to `0.3.1` did not execute
+Scalar::check_overflow in constant time.
+
+This allows an attacker to potentially leak information via a timing attack.
+
+The flaw was corrected by modifying Scalar::check_overflow to execute in
+constant time.
+"""
+patched_versions = [">= 0.3.1"]
+categories = ["crypto-failure"]
+keywords = ["crypto", "sidechannel"]
+functions = { "libsecp256k1::Scalar::check_overflow" = ["< 0.3.1"] }