From fe6e81c08bc8b719639319d5ecf6c6d3efad1513 Mon Sep 17 00:00:00 2001 From: Andres Erbsen Date: Thu, 16 Mar 2017 21:18:03 -0400 Subject: Update crypto-defects.md https://blogs.adobe.com/security/2017/03/critical-vulnerability-uncovered-in-json-encryption.html --- crypto-defects.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'crypto-defects.md') diff --git a/crypto-defects.md b/crypto-defects.md index 057299b06..3ab75b959 100644 --- a/crypto-defects.md +++ b/crypto-defects.md @@ -20,4 +20,6 @@ appearing in our code. | [ic#237002094](https://github.com/mit-plv/fiat-crypto/pull/42#issuecomment-237002094) | Barrett reduction for p256 | 1 conditional subtraction instead of 2 | unkown if ok | | [openssl#1593](https://rt.openssl.org/Ticket/Display.html?id=1593&user=guest&pass=guest) | P384 modular reduction | carry handling | [exploitable](https://eprint.iacr.org/2011/633.pdf) | | [go#fa09811d](https://github.com/golang/crypto/commit/84e98f45760e87786b7f24603b8166a6fa09811d) | poly1305 reduction | AMD64 asm, missing subtraction of 3 | found quickly | +| [jose-adobe](https://blogs.adobe.com/security/2017/03/critical-vulnerability-uncovered-in-json-encryption.html) | ECDH-ES | 5 libraries | not onCurve | + Not covered in the above list: memory mismanagement (buffer overrun, use-after-free, uninitialized read, null dereference), timing attacks (branch, cache, instruction). While these issues are very important, there are good programming disciplines for avoiding them without verifying intricate details of the computation. -- cgit v1.2.3
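Review bot: The new `jose-adobe` row does not fit the table's column semantics: in every other row the third column names the defect in the computation ("carry handling", "missing subtraction of 3") and the last column gives the status or exploitability ("exploitable", "found quickly", "unkown if ok"), but here the third column is a scope count ("5 libraries") and the last column is the root cause ("not onCurve"). Suggest moving the cause into the third column, e.g. `| ... | ECDH-ES | missing point-on-curve check on the peer public key (5 libraries) | ... |`, and putting the status in the last column, where the linked post's title ("critical vulnerability") supports "exploitable". The second `+` line also introduces a blank line between the table and the "Not covered in the above list" paragraph that the rest of the file does not appear to use; keep it only if the surrounding markdown already separates tables from prose that way.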