Contributed by grey on from the LibreSSL fixed many of the bugs, let's patch some more! dept.
A source code patch exists which remedies this problem:
This is related to CVE-2016-7056 "ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)" Additional details can be read here: http://seclists.org/oss-sec/2017/q1/52
Thanks to M:Tier https://stable.mtier.org for raising awareness on this patch.
(Comments are closed)