CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2022/04/07 11:37:25
Modified files:
lib/libcrypto/ec: ec_lib.c
lib/libcrypto/ecdsa: ecs_ossl.c
Log message:
Avoid infinite loop for custom curves of order 1
If a private key encoded with EC parameters happens to have
order 1 and is used for ECDSA signatures, this causes an
infinite loop since a random integer x in the interval [0,1)
will be 0, so do ... while (x == 0); will loop indefinitely.
Found and reported with a reproducer by Hanno Boeck.
Helpful comments and analysis from David Benjamin.
ok beck jsing
