summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa/dsa_gen.c
diff options
context:
space:
mode:
authortb <>2022-03-29 14:03:12 +0000
committertb <>2022-03-29 14:03:12 +0000
commit89475160d42bc14609305f5d10c30b9f6042c4b0 (patch)
treef3eb1afef5a9f1e2847d1adc42bdfa0cefcf4a53 /src/lib/libcrypto/dsa/dsa_gen.c
parent5c5a9e687c0eb72164516557865831f499cc3e04 (diff)
downloadopenbsd-89475160d42bc14609305f5d10c30b9f6042c4b0.tar.gz
openbsd-89475160d42bc14609305f5d10c30b9f6042c4b0.tar.bz2
openbsd-89475160d42bc14609305f5d10c30b9f6042c4b0.zip
Bound cofactor in EC_GROUP_set_generator()
Instead of bounding only bounding the group order, also bound the cofactor using Hasse's theorem. This could probably be made a lot tighter since all curves of cryptographic interest have small cofactors, but for now this is good enough. A timeout found by oss-fuzz creates a "group" with insane parameters over a 40-bit field: the order is 14464, and the cofactor has 4196223 bits (which is obviously impossible by Hasse's theorem). These led to running an expensive loop in ec_GFp_simple_mul_ct() millions of times. Fixes oss-fuzz #46056 Diagnosed and fix joint with jsing ok inoguchi jsing (previous version)
Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_gen.c')
0 files changed, 0 insertions, 0 deletions