artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0d37be0) | patch
Cap the number of iterations in ECDSA signing
authortb <tb@openbsd.org>
Sat, 4 Mar 2023 21:37:37 +0000 (21:37 +0000)
committertb <tb@openbsd.org>
Sat, 4 Mar 2023 21:37:37 +0000 (21:37 +0000)
commit0e40a4a32e25cab9ecc20364f76d0fbbeef213ce
tree0f72e6879aa6271d956cf51caee218e4345e6698tree | snapshot
parent0d37be089c4168552b05ab0ee6dc55db22e44b9fcommit | diff
Cap the number of iterations in ECDSA signing

ECDSA is essentially the same thing as DSA, except that it is slightly
less stupid. Signing specifies an infinite loop, which is only possible
with arbitrary ECDSA domain parameters. Fortunately, most use of ECDSA
in the wild is based on well-known groups, so it is known a priori that
the loop is not infinite. Still, infinite loops are bad. A retry is
unlikely, 32 retries have a probability of ~2^-8000. So it's pretty
safe to error out.

ok beck jsing
lib/libcrypto/ecdsa/ecs_ossl.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim