crypto/elliptic: P-384 is not constant-time #11499

Open
coruus opened this issue Jul 1, 2015 · 2 comments

@coruus
commented Jul 1, 2015

P-384, unlike P-224 and P-256, does not have a constant time implementation in the Go standard library. This has become substantially more problematic as a result of #9333, which merged support for TLS ciphersuites that are typically used with a P-384 certificate.

(P-521 also doesn't have a constant-time implementation, but no one really uses it for anything.)

@bradfitz

commented Jul 2, 2015

To @agl for triage.

@agl

commented Jul 2, 2015

It's quite true, but a lot of work and I've no plans to tackle it for now.

However, P-384 certificates are only used as intermediates (that I've observed). ECC certificates issued by CAs have, so far as I've seen, uniformly been P-256. Thus P-384 only matters for certificate verification and, in that case, constant-time behaviour is irrelevant.

@ianlancetaylor ianlancetaylor added this to the Unplanned milestone Jul 10, 2015

F21 added a commit to Boostport/kubernetes-vault that referenced this issue Nov 24, 2016
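
The distinction drawn in the thread (a curve matters for timing only where a private key is used, not where a certificate is merely verified) can be checked against a server's own `tls.Certificate`. The following is an added example, not code from the issue or from the Go project; `Audit`, `Sample` and `constantTime` are hypothetical names, the curve set reflects only what the issue states for 2015, and the certificates are constructed in memory.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Curves the issue names as constant-time in the standard library in 2015.
// Assumption: adjust this set for the Go release actually deployed.
var constantTime = map[string]bool{"P-224": true, "P-256": true}

// Audit parses every chain entry but flags only entry 0: it alone pairs with
// the local private key. Later entries are only verified, so any curve passes.
func Audit(c tls.Certificate) (flagged []string) {
	for i, der := range c.Certificate {
		cert, err := x509.ParseCertificate(der)
		if err != nil {
			return append(flagged, fmt.Sprintf("chain[%d]: %v", i, err))
		}
		pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
		if ok && i == 0 && !constantTime[pub.Curve.Params().Name] {
			flagged = append(flagged, pub.Curve.Params().Name+" leaf: private key on a curve outside constantTime")
		}
	}
	return flagged
}

// Sample builds a constructed chain (fixed inputs, errors ignored): leaf on curve, P-384 issuer.
func Sample(curve elliptic.Curve) tls.Certificate {
	caKey, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	key, _ := ecdsa.GenerateKey(curve, rand.Reader)
	tmpl := func(cn string, n int64, ca bool) *x509.Certificate {
		return &x509.Certificate{SerialNumber: big.NewInt(n), Subject: pkix.Name{CommonName: cn},
			NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: ca, BasicConstraintsValid: true}
	}
	ca := tmpl("constructed-ca", 1, true)
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	leafDER, _ := x509.CreateCertificate(rand.Reader, tmpl("constructed-leaf", 2, false), ca, &key.PublicKey, caKey)
	return tls.Certificate{Certificate: [][]byte{leafDER, caDER}, PrivateKey: key}
}

func main() { fmt.Println(Audit(Sample(elliptic.P256())), Audit(Sample(elliptic.P384()))) }
```

A P-256 leaf under a P-384 issuer produces no finding, while a P-384 leaf is flagged once.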
