path: root/crypto-defects.md
author: Andres Erbsen <andreser@mit.edu> 2017-07-02 09:51:43 -0400
committer: GitHub <noreply@github.com> 2017-07-02 09:51:43 -0400
commit: df60c17cd85f03b156aa4ef612f766281a610662 (patch)
tree: ac39ce13e3f3992cab9c318938d61ada2c0bdb34 /crypto-defects.md
parent: 2662a806fbc619ac573d5a8ab6c525b2157c8c56 (diff)
crypto-defects.md: analyze CVE-2014-3570
Diffstat (limited to 'crypto-defects.md')
-rw-r--r-- crypto-defects.md | 2
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto-defects.md b/crypto-defects.md
index 8a0611f52..9f42f4513 100644
--- a/crypto-defects.md
+++ b/crypto-defects.md
@@ -15,7 +15,7 @@ appearing in our code.
| [donna#8edc799f](https://github.com/agl/curve25519-donna/commit/2647eeba59fb628914c79ce691df794a8edc799f) | F25519 internal to wire | 32-bit pseudo-Mersenne, C | non-canonical |
| [end-to-end#340](https://github.com/google/end-to-end/issues/340) | Curve25519 library | twisted Edwards coordinates | (0, 1) = ∞ |
| [CVE-2006-4339](https://web.archive.org/web/20071010042708/http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html) | RSA-PKCS-1 sig. verification | irrelevant | padding check |
-| [CVE-2014-3570](https://www.openssl.org/news/secadv/20150108.txt) | Bignum squaring | | |
+| [CVE-2014-3570](https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0) | Bignum squaring | asm | limb overflow |
| [ref/sc25519.c:84](https://github.com/floodyberry/supercop/blob/master/crypto_sign/ed25519/ref/sc25519.c#L84) | x mod (order of Curve25519) | Barrett reduction (code is likely correct) | "XXX" comment |
| [ic#237002094](https://github.com/mit-plv/fiat-crypto/pull/42#issuecomment-237002094) | Barrett reduction for p256 | 1 conditional subtraction instead of 2 | unkown if ok |
| [openssl#1593](https://rt.openssl.org/Ticket/Display.html?id=1593&user=guest&pass=guest) | P384 modular reduction | carry handling | [exploitable](https://eprint.iacr.org/2011/633.pdf) |
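Review bot: the rewritten CVE-2014-3570 row replaces the advisory URL (https://www.openssl.org/news/secadv/20150108.txt) with the fix commit, so the table now loses the canonical reference for the CVE; consider keeping both, e.g. linking the CVE id to the advisory and adding the commit in the implementation or defect column, since the commit shows the repair while the advisory names the issue. The new implementation entry "asm" is also much less specific than the neighbouring rows (the donna row says "32-bit pseudo-Mersenne, C"); naming the affected assembly backend would keep the column comparable. While here, "unkown" in the ic#237002094 row is a typo for "unknown".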