Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 12 Jan 2017 11:15:44 +0100
From: Casper Thomsen <>
Subject: Re: CVE-2016-7056 ECDSA P-256 timing attack key
 recovery (OpenSSL, LibreSSL, BoringSSL)

On Tue, Jan 10, 2017 at 4:50 PM, Cesar Pereida Garcia
<> wrote:
> Vendor: OpenSSL, LibreSSL, BoringSSL

Noticed on

> Support for standard primitives
> Whenever NaCl includes (...) a newly proposed signature system, etc., it also includes (...) [TO DO:] an older standard signature system (e.g., ECDSA using the NIST P-256 elliptic curve)

I couldn't find traces of ECDSA in NaCl and the "[TO DO]" suggest that
there are in fact none.

Anyone able to reject the "non-findings"?

Casper Thomsen

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.