-
Filippo Valsorda authored
If beta8 is unusually large, the addition loop might take a very long time to bring x3-beta8 back positive. This would lead to a DoS vulnerability in the implementation of the P-521 and P-384 elliptic curves that may let an attacker craft inputs to ScalarMult that consume excessive amounts of CPU. This fixes CVE-2019-6486. Fixes #29903 Change-Id: Ia969e8b5bf5ac4071a00722de9d5e4d856d8071a Reviewed-on: https://team-review.git.corp.google.com/c/399777Reviewed-by:
Adam Langley <agl@google.com> Reviewed-by:
Julie Qiu <julieqiu@google.com> Reviewed-on: https://go-review.googlesource.com/c/159218Reviewed-by:
Julie Qiu <julie@golang.org>
193c16a3
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| elliptic.go | ||
| elliptic_test.go | ||
| fuzz_test.go | ||
| p224.go | ||
| p224_test.go | ||
| p256.go | ||
| p256_asm.go | ||
| p256_asm_amd64.s | ||
| p256_asm_arm64.s | ||
| p256_asm_s390x.s | ||
| p256_generic.go | ||
| p256_s390x.go |