Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251014204248.659865b9@hboeck.de>
Date: Tue, 14 Oct 2025 20:42:48 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: BoringSSL private key loading is not constant
 time

Hi David,

Thanks for the explanation. At least for me, this is different from how
I initially interpreted this issue.

It would appear that the ideal solution would be to phaseout such
malencoded EC keys. Do you have any idea how prevalent they are, and
which implementations created them?

I wonder if there are steps that can be done to get to a deprecation.

Applications could emit warnings when loading such keys, and APIs could
provide an optional flag that rejects them if application programmers
want that. That could lead to a detection of existing such keys and
ideally remaining implementations creating them would be recognized
and fixed. Possibly, this could allow deprecation in a few years.

Any thoughts on that? Any implementors of EC key using software that
might want to go in that direction?


-- 
Hanno Böck
https://hboeck.de/

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.