Affected Users:
Users performing ECC or Ed25519 signature verification operations on devices that may be susceptible to fault injection attacks, particularly in security-critical applications such as secure boot implementations.
Summary:
A potential vulnerability to fault injection attacks was identified in wolfSSL’s ECC and Ed25519 signature verification operations. Fault injection is a sophisticated physical attack technique where an attacker deliberately introduces faults into a device’s operation through methods such as voltage glitching, clock manipulation, or electromagnetic interference. By inducing faults at precise moments during cryptographic operations, an attacker could potentially cause the verification process to incorrectly accept an invalid signature as valid.

To address this vulnerability, wolfSSL version 5.7.6 introduces a new build option, --enable-faultharden, which adds hardening measures to help mitigate fault injection attacks during ECC and Ed25519 verify operations. This option implements extra sanity checks and validation steps to make fault injection attacks significantly more difficult to execute successfully. For more information about the fault injection attack, the paper can be found here.

We would like to thank Kevin from Fraunhofer AISEC for discovering and responsibly reporting this vulnerability to our team.
Recommendation:
For users performing ECC or Ed25519 signature verification operations on devices at risk of fault injection attacks, we recommend:
- Update to wolfSSL version 5.7.6 or later
- Enable the fault hardening option by building wolfSSL with the --enable-faultharden configuration flag
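The general idea behind this kind of hardening, shown as an added example on the final comparison step of a signature verify. This is illustrative code written for this page, not wolfSSL's implementation of --enable-faultharden; all function names, constants and sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed codes, complements of each other: no single bit flip maps one to the other. */
#define VERIFY_OK   0x3CA5965Au
#define VERIFY_FAIL 0xC35A69A5u

/* Constructed sample data: signature value, matching and non-matching recomputed values. */
static const uint8_t sample_sig[8]  = {0x10,0x32,0x54,0x76,0x98,0xBA,0xDC,0xFE};
static const uint8_t sample_good[8] = {0x10,0x32,0x54,0x76,0x98,0xBA,0xDC,0xFE};
static const uint8_t sample_bad[8]  = {0x10,0x32,0x54,0x76,0x98,0xBA,0xDC,0xFF};

/* Branch-free compare: 0 only if all n bytes match; *done = bytes actually processed. */
static uint32_t ct_diff(const uint8_t *a, const uint8_t *b, size_t n,
                        volatile size_t *done)
{
    volatile uint32_t d = 0;
    size_t i;
    for (i = 0; i < n; i++)
        d |= (uint32_t)(a[i] ^ b[i]);
    *done = i;
    return d;
}

/* Unhardened: one skipped or corrupted branch flips the outcome. */
int verify_simple(const uint8_t *computed, const uint8_t *sig, size_t n)
{
    volatile size_t done = 0;
    return ct_diff(computed, sig, n, &done) == 0;
}

/* Hardened: fail closed, compare twice, confirm both loops finished, then set success. */
uint32_t verify_hardened(const uint8_t *computed, const uint8_t *sig, size_t n)
{
    volatile uint32_t result = VERIFY_FAIL;
    volatile size_t c1 = 0, c2 = 0;
    if (n == 0) return VERIFY_FAIL;
    volatile uint32_t d1 = ct_diff(computed, sig, n, &c1);
    volatile uint32_t d2 = ct_diff(sig, computed, n, &c2);
    if (d1 == 0 && c1 == n)
        if (d2 == 0 && c2 == n)
            if ((d1 | d2) == 0 && c1 == c2)
                result = VERIFY_OK;
    return result;
}

int main(void)
{
    return (verify_hardened(sample_good, sample_sig, 8) == VERIFY_OK &&
            verify_hardened(sample_bad, sample_sig, 8) == VERIFY_FAIL) ? 0 : 1;
}
```

The volatile qualifiers discourage the compiler from merging the redundant checks, but they are not a guarantee; inspect the generated assembly for the target before relying on a pattern like this.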
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

