Cypherpunks repositories - gostls13.git/commit

author	Filippo Valsorda <filippo@golang.org>
	Tue, 22 Jan 2019 21:02:41 +0000 (16:02 -0500)
committer	Filippo Valsorda <filippo@golang.org>
	Wed, 23 Jan 2019 22:01:56 +0000 (22:01 +0000)
commit	193c16a3648b8670a762e925b6ac6e074f468a20
tree	3a37276359c683e8270394e562b281f894c9c3cf	tree
parent	1e450aa2f208046aab0628e024a70c5193559fe7	commit \| diff

crypto/elliptic: reduce subtraction term to prevent long busy loop

If beta8 is unusually large, the addition loop might take a very long
time to bring x3-beta8 back positive.

This would lead to a DoS vulnerability in the implementation of the
P-521 and P-384 elliptic curves that may let an attacker craft inputs
to ScalarMult that consume excessive amounts of CPU.

This fixes CVE-2019-6486.

Fixes #29903

Change-Id: Ia969e8b5bf5ac4071a00722de9d5e4d856d8071a
Reviewed-on: https://team-review.git.corp.google.com/c/399777
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-on: https://go-review.googlesource.com/c/159218
Reviewed-by: Julie Qiu <julie@golang.org>