diff options
author | Andres Erbsen <andreser@mit.edu> | 2017-05-20 15:02:30 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-05-20 15:02:30 -0400 |
commit | af94320f81cfb36bf642adb6a9da248052943ea9 (patch) | |
tree | 87ab0a5450a0c45ec80311f675d3d613f22fa427 /crypto-defects.md | |
parent | 7c66d2cbe064373e6c648f9a3aa017abe1681864 (diff) |
Update crypto-defects.md
Diffstat (limited to 'crypto-defects.md')
-rw-r--r-- | crypto-defects.md | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto-defects.md b/crypto-defects.md index 5c14bf55a..ebf1845b3 100644 --- a/crypto-defects.md +++ b/crypto-defects.md @@ -28,6 +28,8 @@ appearing in our code. | [openssl#59dfcabf](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e3057a57caf4274ea1fb074518e4714059dfcabf;ds=sidebyside) | Weier. affine <-> Jacobian | Montgomery form, AMD64 and C | ∞ confusion | | [openssl#a970db05](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbe9769ba66ab2512678a87b0d9b266ba970db05;ds=sidebyside) | Poly1305 | Lazy reduction in x86 asm | lost bit 59 | | [openssl#6825d74b](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ea8ae5090f557fea2e5b4d5758b10566825d74b;ds=sidebyside) | Poly1305 | AVX2 addition and reduction | bounds? | +| [openssl#74acf42c](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4b8736a22e758c371bc2f8b3534dc0c274acf42c;ds=sidebyside) | Poly1305 | multiple implementations | incorrect carrying | + Not covered in the above list: memory mismanagement (buffer overrun, use-after-free, uninitialized read, null dereference), timing attacks (branch, cache, instruction). While these issues are very important, there are good programming disciplines for avoiding them without verifying intricate details of the computation. |