Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 605414 (CVE-2016-7056)

Summary: [TRACKER] ECDSA P-256 timing attack key recovery (CVE-2016-7056)
Product: Gentoo Security Reporter: Thomas Deutschmann <whissi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal Keywords: Tracker
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 605416, 605418    
Bug Blocks:    

Description Thomas Deutschmann gentoo-dev Security 2017-01-11 21:51:23 UTC
The signing function in crypto/ecdsa/ecdsa_ossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized elliptic curve P-256 despite featuring constant-time curve operations and modular inversion. A software defect omits setting the BN_FLG_CONSTTIME flag for nonces, failing to take a secure code path in the BN_mod_inverse method and therefore resulting in a cache-timing attack vulnerability. A malicious user with local access can recover ECDSA P-256 private keys.


References:

http://seclists.org/oss-sec/2017/q1/52
http://eprint.iacr.org/2016/1195
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-01-21 02:36:53 UTC
All dependent bugs closed.