Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 12 Jan 2017 11:15:44 +0100
From: Casper Thomsen <>
Subject: Re: CVE-2016-7056 ECDSA P-256 timing attack key
 recovery (OpenSSL, LibreSSL, BoringSSL)

On Tue, Jan 10, 2017 at 4:50 PM, Cesar Pereida Garcia
<> wrote:
> Vendor: OpenSSL, LibreSSL, BoringSSL

Noticed on

> Support for standard primitives
> Whenever NaCl includes (...) a newly proposed signature system, etc., it also includes (...) [TO DO:] an older standard signature system (e.g., ECDSA using the NIST P-256 elliptic curve)

I couldn't find traces of ECDSA in NaCl and the "[TO DO]" suggest that
there are in fact none.

Anyone able to reject the "non-findings"?

Casper Thomsen

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ