Skip to content

crypto/elliptic: P-384 is not constant-time #11499

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
coruus opened this issue Jul 1, 2015 · 3 comments
Closed

crypto/elliptic: P-384 is not constant-time #11499

coruus opened this issue Jul 1, 2015 · 3 comments
Labels
FrozenDueToAge
Milestone
Unplanned

Comments

@coruus
Copy link
Contributor

coruus commented Jul 1, 2015

P-384, unlike P-224 and P-256, does not have a constant time implementation in the Go standard library. This has become substantially more problematic as a result of #9333, which merged support for TLS ciphersuites that are typically used with a P-384 certificate.

(P-521 also doesn't have a constant-time implementation, but no one really uses it for anything.)
@coruus coruus mentioned this issue Jul 1, 2015
Open
@bradfitz
Copy link
Contributor

bradfitz commented Jul 2, 2015

To @agl for triage.

@agl
Copy link
Contributor

agl commented Jul 2, 2015

It's quite true, but a lot of work and I've no plans to tackle it for now.

However, P-384 certificates are only used as intermediates (that I've observed). ECC certificates issued by CAs have, so far as I've seen, uniformly been P-256. Thus P-384 only matters for certificate verification and, in that case, constant-time behaviour is irrelevant.

@ianlancetaylor ianlancetaylor added this to the Unplanned milestone Jul 10, 2015
@gtank gtank mentioned this issue Jun 17, 2016
Open
@pyramids pyramids mentioned this issue Aug 22, 2016
Closed
F21 added a commit to Boostport/kubernetes-vault that referenced this issue Nov 24, 2016
@F21
Use P- 256 curve for certificate generation because P-384 abd P-521 i…
dceefed 
…s currently unsafe. See golang/go#11499.
@coltonstapper coltonstapper mentioned this issue Mar 31, 2020
Closed
@coltonstapper coltonstapper mentioned this issue Apr 27, 2020
Open
@FiloSottile
Copy link
Contributor

Fixed in 93bab8a.

@rsc rsc unassigned agl Jun 23, 2022
@njavilas njavilas mentioned this issue Jul 31, 2022
Closed
@mholt mholt mentioned this issue Mar 22, 2023
Closed
@golang golang locked and limited conversation to collaborators Jun 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Unplanned
Development

No branches or pull requests
6 participants
@bradfitz @agl @coruus @FiloSottile @ianlancetaylor @gopherbot