oss-sec mailing list archives
Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)
From: Casper Thomsen <ct () clearhaus com>
Date: Thu, 12 Jan 2017 11:15:44 +0100
On Tue, Jan 10, 2017 at 4:50 PM, Cesar Pereida Garcia <cesar.pereidagarcia () tut fi> wrote:
Vendor: OpenSSL, LibreSSL, BoringSSL
Noticed on https://nacl.cr.yp.to/features.html:
Support for standard primitives Whenever NaCl includes (...) a newly proposed signature system, etc., it also includes (...) [TO DO:] an older standard signature system (e.g., ECDSA using the NIST P-256 elliptic curve)
I couldn't find traces of ECDSA in NaCl and the "[TO DO]" suggest that there are in fact none. Anyone able to reject the "non-findings"? Kindly, -- Casper Thomsen
Current thread:
- CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Cesar Pereida Garcia (Jan 10)
- Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Dan McDonald (Jan 10)
- Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Huzaifa Sidhpurwala (Jan 11)
- Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Casper Thomsen (Jan 12)
- Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Dan McDonald (Jan 10)