author Andres Erbsen <andres@krutt.org> 2016-08-03 11:44:51 -0400
committer GitHub <noreply@github.com> 2016-08-03 11:44:51 -0400
commit 392be259a0f813c7663d6962823117fa313122b1 (patch)
tree b43ff702dea683bfdcdc483ac39f9940f8112a13 /crypto-defects.md
parent 0ac4f106e6a4ab24492155b89f79ecd9d37f5d7a (diff)
Mention Barrett reduction opt. in crypto-defects.md
Diffstat (limited to 'crypto-defects.md')
-rw-r--r--  crypto-defects.md  2
1 file changed, 1 insertion, 1 deletion
diff --git a/crypto-defects.md b/crypto-defects.md
index a39064468..33d0a7c95 100644
--- a/crypto-defects.md
+++ b/crypto-defects.md
@@ -17,5 +17,5 @@ appearing in our code.
| [CVE-2006-4339](https://web.archive.org/web/20071010042708/http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html) | RSA-PKCS-1 sig. verification | irrelevant | padding check |
| [CVE-2014-3570](https://www.openssl.org/news/secadv/20150108.txt) | Bignum squaring | | |
| [ref/sc25519.c:84](https://github.com/floodyberry/supercop/blob/master/crypto_sign/ed25519/ref/sc25519.c#L84) | x mod (order of Curve25519) | Barrett reduction (code is likely correct) | "XXX" comment |
-
+| [ic#237002094](https://github.com/mit-plv/fiat-crypto/pull/42#issuecomment-237002094) | Barrett reduction for p256 | 1 conditional subtraction instead of 2 | unkown if ok |
Not covered in the above list: memory mismanagement (buffer overrun, use-after-free, uninitialized read, null dereference), timing attacks (branch, cache, instruction). While these issues are very important, there are good programming disciplines for avoiding them without verifying intricate details of the computation.
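Review bot: the new row replaces the blank line that separated the table from the "Not covered in the above list" paragraph (the `-` line in this hunk is that blank line), so under GitHub-flavored Markdown the paragraph that follows is parsed as a trailing table row rather than as prose; add the `| [ic#237002094](...) | Barrett reduction for p256 | ... |` row above the blank line and keep the blank line in place. Two smaller points on the row itself: "unkown if ok" should read "unknown if ok", and it would help to spell out what is unknown (whether a single conditional subtraction is enough for the p256 parameters), since the fourth column of the neighbouring rows records how the issue surfaced ("padding check", "\"XXX\" comment") while this row puts a status there.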