Daniel Bleichenbacher

Results 20 comments of Daniel Bleichenbacher

Thanks, the test vectors should be invalid (not acceptable). I'll change this.

I'm adding more files for more curve/hash combinations. I'm however not sure about ecdsa_secp384r1_sha256. This combination makes little sense since the security of the hash is weaker than the curve....

I'll add flags. Since the size of the flags and the size of the nonce are encoded using 3 bits each in the block B0, encryption with invalid values is essentially...

The general plan is to split large files into more files based on curves or key size and leave odd cases in the unparameterized file. ecdsa_test.java, ecdh_test.java are just too...

The role of ecdsa_test.json is not decided yet and a bit unclear. ecdsa_test.json had to be divided into multiple files because it became too large, so that a number of...

Sorry for not answering earlier. You are right. The current test checks just for one common implementation flaw: using modular exponentiation with a variable length exponent. OpenJDK CVE-2016-5548 and BouncyCastle...

Yup. Unfortunately, there is a chance that an implementer adds countermeasures that will not be detected by this test. The timing differences that are necessary for failing the tests are...

I can't really test this. Probably removing the compiler flag will help. I.e. in setup.py replacing line 41 extra_compile_args=['-mpclmul']) with extra_compile_args=[]) There is likely some way to determine which...

Unfortunately, I don't have enough knowledge with setups. If I tried to fix this myself, I would likely break more than it would fix. Anyway here is a short explanation...

You don't need to do anything. The issue will be fixed by someone at Google who is more familiar with the project setup and who knows how to run all...