| author | Oleksandr Redko <oleksandr.red+github@gmail.com> | 2025-05-20 15:20:37 +0300 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2025-05-20 11:11:19 -0700 |
| commit | f757959e1acbdd4ea170d0aade63b4458b5c6846 (patch) | |
| tree | bd11d8df05b8469cbdca0bb0ac0e69d94627d4fb | |
| parent | 46ec55f6bb088ae1e053d6f1fa5b1dfd833446a9 (diff) | |
| download | go-x-website-f757959e1acbdd4ea170d0aade63b4458b5c6846.tar.xz | |
_content/blog/tob-crypto-audit: fix typo
Change-Id: I138053c3506c98e68f721539bd0c5b1036996cca
Reviewed-on: https://go-review.googlesource.com/c/website/+/674376
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
| -rw-r--r-- | _content/blog/tob-crypto-audit.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/_content/blog/tob-crypto-audit.md b/_content/blog/tob-crypto-audit.md index adf402a3..99f1cd07 100644 --- a/_content/blog/tob-crypto-audit.md +++ b/_content/blog/tob-crypto-audit.md @@ -36,7 +36,7 @@ All usages of this method operated on public inputs which are not considered sec ### `crypto/ecdsa`: P-256 conditional negation is not constant time in Power ISA assembly (TOB-GOCL-2, CVE-2025-22866) -Beyond the [first class Go platforms](/wiki/PortingPolicy#first-class-ports), Go also supports a number of additional platforms, including some less common architectures. During the review of our assembly implementations of various underlying cryptographic primitives, the Trail of Bits team found one issue that affected the ECDSA implementation on the ppcs64 and ppc64le architectures. +Beyond the [first class Go platforms](/wiki/PortingPolicy#first-class-ports), Go also supports a number of additional platforms, including some less common architectures. During the review of our assembly implementations of various underlying cryptographic primitives, the Trail of Bits team found one issue that affected the ECDSA implementation on the ppc64 and ppc64le architectures. Due to the usage of a conditional branching instruction in the implementation of the conditional negation of P-256 points, the function operated in variable-time, rather than constant-time, as expected. The fix for this was relatively simple, [replacing the conditional branching instruction](/cl/643735) with a pattern we already use elsewhere to conditionally select the correct result in constant time. We assigned this issue CVE-2025-22866. |
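Review bot: The single `-`/`+` pair in this hunk correctly replaces `ppcs64` with `ppc64`, which is the actual Go GOARCH name and pairs with the `ppc64le` already on the line; the rest of the line, including the `/wiki/PortingPolicy#first-class-ports` link and the CVE-2025-22866 reference in the section heading, is unchanged. Since the diffstat shows only this one line touched, it would be worth a quick search of the same file for any other occurrence of the misspelling before submitting, so the architecture name stays consistent across the post.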
