crypto/elliptic: P-384 is not constant-time #11499

coruus opened this issue Jul 1, 2015 · 2 comments



commented Jul 1, 2015

P-384, unlike P-224 and P-256, does not have a constant time implementation in the Go standard library. This has become substantially more problematic as a result of #9333, which merged support for TLS ciphersuites that are typically used with a P-384 certificate.

(P-521 also doesn't have a constant-time implementation, but no one really uses it for anything.)



commented Jul 2, 2015

To @agl for triage.



commented Jul 2, 2015

It's quite true, but a lot of work and I've no plans to tackle it for now.

However, P-384 certificates are only used as intermediates (that I've observed). ECC certificates issued by CAs have, so far as I've seen, uniformly been P-256. Thus P-384 only matters for certificate verification and, in that case, constant-time behaviour is irrelevant.

@ianlancetaylor ianlancetaylor added this to the Unplanned milestone Jul 10, 2015

F21 added a commit to Boostport/kubernetes-vault that referenced this issue Nov 24, 2016
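
An added example, not code from this thread or from the Go project: a small audit that separates the two cases discussed above, flagging ECDSA private keys (signing, where secret-dependent timing matters) on curves outside the constant-time set while leaving verification-only public keys unflagged. The `constantTime` set reflects what the issue states as of July 2015 and is an assumption to adjust per Go release; `classify`, `Finding` and `auditSamples` are hypothetical names, and the keys are generated on the spot as constructed samples.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
)

// Curves the issue describes as constant-time in the Go standard library
// as of July 2015. Assumption: adjust for the Go release you build with.
var constantTime = map[string]bool{"P-224": true, "P-256": true}

// Finding records whether a key puts secret-dependent work on a variable-time path.
type Finding struct {
	Curve  string
	Secret bool // true for private keys (signing, ECDH)
	Flag   bool // secret operations on a curve not in constantTime
}

// classify (hypothetical helper) flags private keys only: verifying with a
// public key handles no secret, which is the distinction drawn in the thread.
func classify(key interface{}) (Finding, error) {
	switch k := key.(type) {
	case *ecdsa.PrivateKey:
		name := k.Curve.Params().Name
		return Finding{name, true, !constantTime[name]}, nil
	case *ecdsa.PublicKey:
		return Finding{k.Curve.Params().Name, false, false}, nil
	}
	return Finding{}, fmt.Errorf("not an ECDSA key: %T", key)
}

// auditSamples runs classify over freshly generated (constructed) keys.
func auditSamples() map[string]Finding {
	out := map[string]Finding{}
	for _, c := range []elliptic.Curve{elliptic.P256(), elliptic.P384(), elliptic.P521()} {
		priv, err := ecdsa.GenerateKey(c, rand.Reader)
		if err != nil {
			panic(err)
		}
		name := c.Params().Name
		out[name+" private"], _ = classify(priv)
		out[name+" public"], _ = classify(&priv.PublicKey)
	}
	return out
}

func main() { fmt.Println(auditSamples()) }
```
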
