Bug 605414 (CVE-2016-7056) - [TRACKER] ECDSA P-256 timing attack key recovery (CVE-2016-7056)
Summary: [TRACKER] ECDSA P-256 timing attack key recovery (CVE-2016-7056)
Status: RESOLVED FIXED
Alias: CVE-2016-7056
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Keywords: Tracker
Depends on: 605416 605418
Reported: 2017-01-11 21:51 UTC by Thomas Deutschmann (RETIRED)
Modified: 2018-01-21 02:36 UTC (History)
Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-11 21:51:23 UTC
The signing function in crypto/ecdsa/ecdsa_ossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized elliptic curve P-256 despite featuring constant-time curve operations and modular inversion. A software defect omits setting the BN_FLG_CONSTTIME flag for nonces, failing to take a secure code path in the BN_mod_inverse method and therefore resulting in a cache-timing attack vulnerability. A malicious user with local access can recover ECDSA P-256 private keys.


References:

http://seclists.org/oss-sec/2017/q1/52
http://eprint.iacr.org/2016/1195
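As an added illustration, not code from OpenSSL, Gentoo or the bug's reporter, the Python below models the step the description refers to: ECDSA signing needs k^-1 mod n for the secret nonce k, and the work a Euclid-style inverse does depends on k, whereas a Fermat-style inverse does a fixed amount of work. The Fermat path is assumed here as the constant-time alternative (a simplification, not OpenSSL's actual BN_mod_inverse code path), and because Python's big integers are not constant-time themselves, the leak is modelled as an operation count rather than wall-clock time.

```python
# Added model of ECDSA nonce inversion (not OpenSSL's code): the variable-time
# path leaks via its k-dependent step count; the fixed-work path does not.
import secrets

# Order n of the NIST P-256 base point (standard curve constant).
N_P256 = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def inverse_euclid(k: int, n: int) -> tuple[int, int]:
    """Variable-time inverse via extended Euclid: returns (k^-1 mod n, steps).

    The loop count depends on k, which is what a cache/branch timing side
    channel observes when the secret nonce takes this path.
    """
    r0, r1, s0, s1, steps = n, k % n, 0, 1, 0
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
        steps += 1
    assert r0 == 1, "k must be invertible mod n"
    return s0 % n, steps


def inverse_fermat(k: int, n: int) -> tuple[int, int]:
    """Fixed-work inverse k^(n-2) mod n via a Montgomery ladder (n prime).

    Branching depends only on the public exponent n-2, never on k, so the
    operation count is identical for every nonce (two mults per exponent bit).
    """
    e, x0, x1, ops = n - 2, 1, k % n, 0
    for i in range(e.bit_length() - 1, -1, -1):
        if (e >> i) & 1:
            x0, x1 = (x0 * x1) % n, (x1 * x1) % n
        else:
            x1, x0 = (x0 * x1) % n, (x0 * x0) % n
        ops += 2
    return x0, ops


def nonce_inverse(k: int, n: int, const_time: bool) -> tuple[int, int]:
    """Model of the signer's choice: the constant-time flag selects the path."""
    return inverse_fermat(k, n) if const_time else inverse_euclid(k, n)


def work_profile(n: int, const_time: bool, samples: int = 64) -> set[int]:
    """Distinct operation counts over random nonces; a set of size 1 means
    the amount of work reveals nothing about the nonce."""
    return {nonce_inverse(secrets.randbelow(n - 1) + 1, n, const_time)[1]
            for _ in range(samples)}
```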
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2018-01-21 02:36:53 UTC
All dependent bugs closed.