diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2022-03-29 14:03:13 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-03-29 14:03:13 +0000 |
commit | 7607f3b4d1535e9d7084055e8bbcc80c89d49e87 (patch) | |
tree | 1f4de6f7f391a103e6c05a471f11273a355021fb /usr.bin/bgplg | |
parent | f28cdedd0fae81405c7695840065cb0bfc39f32a (diff) |
Bound cofactor in EC_GROUP_set_generator()
Instead of bounding only bounding the group order, also bound the
cofactor using Hasse's theorem. This could probably be made a lot
tighter since all curves of cryptographic interest have small
cofactors, but for now this is good enough.
A timeout found by oss-fuzz creates a "group" with insane parameters
over a 40-bit field: the order is 14464, and the cofactor has 4196223
bits (which is obviously impossible by Hasse's theorem). These led to
running an expensive loop in ec_GFp_simple_mul_ct() millions of times.
Fixes oss-fuzz #46056
Diagnosed and fix joint with jsing
ok inoguchi jsing (previous version)
Diffstat (limited to 'usr.bin/bgplg')
0 files changed, 0 insertions, 0 deletions