Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[release-branch.go1.10-security] crypto/elliptic: reduce subtraction …
…term to prevent long busy loop If beta8 is unusually large, the addition loop might take a very long time to bring x3-beta8 back positive. This would lead to a DoS vulnerability in the implementation of the P-521 and P-384 elliptic curves that may let an attacker craft inputs to ScalarMult that consume excessive amounts of CPU. This fixes CVE-2019-6486. Change-Id: Ia969e8b5bf5ac4071a00722de9d5e4d856d8071a Reviewed-on: https://team-review.git.corp.google.com/c/399777 Reviewed-by: Adam Langley <[email protected]> Reviewed-by: Julie Qiu <[email protected]> (cherry picked from commit 746d6abe2dfb9ce7609f8e1e1a8dcb7e221f423e) Reviewed-on: https://team-review.git.corp.google.com/c/401143 Reviewed-by: Filippo Valsorda <[email protected]>
- Loading branch information