OpenSSL
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*, +1 more
- >= 3.5, < 3.5.4
- >= 3.4, < 3.4.3
- >= 3.3, < 3.3.5
- >= 3.2, < 3.2.6
A timing side channel has been identified in the SM2 signature implementation in OpenSSL on 64-bit ARM platforms. Timing measurements of SM2 signature computations reveal a signal that could allow an attacker to recover the private key, potentially over the network; a remote attack was not attempted by the reporter. OpenSSL does not natively support SM2 keys in TLS certificates, so the default TLS stack is not exposed; the issue is reachable where a custom provider adds that support or where an application performs SM2 signatures with OpenSSL directly. For that reason OpenSSL rates the issue Moderate.
Successful exploitation would give the attacker the SM2 private key used for signing, letting them forge signatures in the key owner's name and, if the same key pair is also used for SM2 encryption, decrypt data encrypted to it. Only 64-bit ARM builds are affected; other platforms do not exhibit the leak.
Users of OpenSSL 3.5 should upgrade to version 3.5.4. Users of OpenSSL 3.4 should upgrade to 3.4.3. Users of OpenSSL 3.3 should upgrade to 3.3.5. Users of OpenSSL 3.2 should upgrade to 3.2.6.