[Bug]: Should update openssl to 3.4.1 for CVE-2024-13176 #10664
Labels
package:cryptopkg
priority:low
Little to no impact. No urgency to fix.
state:needs-triage
type:bug
Something isn't working
Is there an existing issue for this?
Bug Type
Code first?
What packages are impacted?
CryptoPkg
Which targets are impacted by this bug?
DEBUG, NOOPT, RELEASE
Current Behavior
The current OpenSSL version is 3.4.0.
Expected Behavior
Update OpenSSL to 3.4.1.
Steps To Reproduce
Nope
Build Environment
Version Information
Urgency
Low
Are you going to fix this?
I will fix it
Do you need maintainer feedback?
No maintainer feedback needed
Anything else?
https://openssl-library.org/news/secadv/20250120.txt
CryptoPkg currently supports ECDSA Sign of NIST P-521, so this problem will affect EDK2 code.
Edk2\CryptoPkg\Include\Library\BaseCryptLib.h L28:
#define CRYPTO_NID_SECP521R1 0x0206
Edk2\CryptoPkg\Library\BaseCryptLib\Pk\CryptEc.c L800:
EFIAPI
EcDsaSign (