CVSROOT:	/cvs
Module name:	src
Changes by:	t...@cvs.openbsd.org	2022/04/07 11:37:25

Modified files:
	lib/libcrypto/ec: ec_lib.c
	lib/libcrypto/ecdsa: ecs_ossl.c

Log message:
Avoid infinite loop for custom curves of order 1

If a private key encoded with EC parameters happens to have
order 1 and is used for ECDSA signatures, this causes an
infinite loop since a random integer x in the interval [0,1)
will be 0, so do ... while (x == 0); will loop indefinitely.

Found and reported with a reproducer by Hanno Boeck.
Helpful comments and analysis from David Benjamin.

ok beck jsing
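
The loop described in the log message, modelled as an added example that is not the code from this commit or from libcrypto: 64-bit integers and rand() stand in for BIGNUM and the library RNG, the iteration cap exists only so the demonstration halts, and the `order <= 1` guard is an assumed mitigation, since the page does not show the actual change.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Model of "random integer in [0, order)"; order must be nonzero.
 * rand() is a stand-in, not a cryptographic RNG. */
static uint64_t rand_range(uint64_t order)
{
    return (uint64_t)rand() % order;
}

/* The loop from the log message, plus a cap so the demo terminates.
 * Returns 0 with *k in [1, order), or -1 if the cap was reached. */
static int pick_nonce_unchecked(uint64_t order, unsigned max_iter, uint64_t *k)
{
    unsigned i = 0;
    uint64_t x;

    do {
        if (i++ == max_iter)
            return -1;      /* without the cap this never returns */
        x = rand_range(order);
    } while (x == 0);
    *k = x;
    return 0;
}

/* Assumed guard: refuse any order for which [1, order) is empty. */
static int pick_nonce_checked(uint64_t order, uint64_t *k)
{
    uint64_t x;

    if (order <= 1)
        return -1;
    do {
        x = rand_range(order);
    } while (x == 0);
    *k = x;
    return 0;
}

int main(void)
{
    uint64_t k = 0;

    printf("order 1, unchecked: %d\n", pick_nonce_unchecked(1, 1000, &k));
    printf("order 1, checked:   %d\n", pick_nonce_checked(1, &k));
    printf("order 7, checked:   %d\n", pick_nonce_checked(7, &k));
    return 0;
}
```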