Cap the number of iterations in ECDSA signing - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2023-03-04 21:37:37 +0000
committer	tb <>	2023-03-04 21:37:37 +0000
commit	baab9c01fb37087a0526edeaef01a30a05bd06a4 (patch)
tree	7e6dcc972785d6113ee7a5192dbc3534af739346 /src/lib/libcrypto/dsa/dsa_ameth.c
parent	0b0f128bcf324942bdf04b0afe8df296e9d7abc9 (diff)
download	openbsd-baab9c01fb37087a0526edeaef01a30a05bd06a4.tar.gz openbsd-baab9c01fb37087a0526edeaef01a30a05bd06a4.tar.bz2 openbsd-baab9c01fb37087a0526edeaef01a30a05bd06a4.zip

Cap the number of iterations in ECDSA signing

ECDSA is essentially the same thing as DSA, except that it is slightly less stupid. Signing specifies an infinite loop, which is only possible with arbitrary ECDSA domain parameters. Fortunately, most use of ECDSA in the wild is based on well-known groups, so it is known a priori that the loop is not infinite. Still, infinite loops are bad. A retry is unlikely, 32 retries have a probability of ~2^-8000. So it's pretty safe to error out. ok beck jsing

Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_ameth.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: