oss-sec mailing list archives
Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)
From: Dan McDonald <danmcd () omniti com>
Date: Tue, 10 Jan 2017 11:17:45 -0500
On Jan 10, 2017, at 10:50 AM, Cesar Pereida Garcia <cesar.pereidagarcia () tut fi> wrote: Mitigation: Users of OpenSSL with the affected versions should apply the patch available in the manuscript at [1].
You should just mail the patch to this list. I'm having a hard time copying/pasting the uuencoded blob from your paper, Cesar. Thanks, Dan
Current thread:
- CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Cesar Pereida Garcia (Jan 10)
- Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Dan McDonald (Jan 10)
- Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Huzaifa Sidhpurwala (Jan 11)
- Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Casper Thomsen (Jan 12)
- Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Dan McDonald (Jan 10)