| This fixes a DoS vulnerability: the crypto/elliptic implementations of the P-521 and P-384 elliptic curves may let an attacker craft inputs that consume excessive amounts of CPU. |
| |
| It was written by the Google Go language team. |
| |
| diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go |
| index 4fc2b5e521..c84657c5e3 100644 |
| --- a/src/crypto/elliptic/elliptic.go |
| +++ b/src/crypto/elliptic/elliptic.go |
| @@ -210,8 +210,9 @@ func (curve *CurveParams) doubleJacobian(x, y, z *big.Int) (*big.Int, *big.Int, |
| |
| x3 := new(big.Int).Mul(alpha, alpha) |
| beta8 := new(big.Int).Lsh(beta, 3) |
| + beta8.Mod(beta8, curve.P) |
| x3.Sub(x3, beta8) |
| - for x3.Sign() == -1 { |
| + if x3.Sign() == -1 { |
| x3.Add(x3, curve.P) |
| } |
| x3.Mod(x3, curve.P) |
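Review bot: The new `beta8.Mod(beta8, curve.P)` line carries the whole fix but nothing in the hunk records the invariant it establishes, so a later edit could quietly reintroduce the unbounded correction; add above it `// Reduce beta8 first so that x3 - beta8 > -P: at most one corrective add is then needed, keeping the cost bounded for any input.` The reasoning is visible in the hunk: `x3` is `alpha*alpha` and therefore non-negative, and `beta8` is now in [0, P), so the former `for` loop over `x3.Sign() == -1` could only have iterated many times on large unreduced values. As a point of style, the retained `if x3.Sign() == -1 { x3.Add(x3, curve.P) }` is redundant with the following `x3.Mod(x3, curve.P)`, since big.Int.Mod is Euclidean and already returns a value in [0, P) for a negative operand; it can stay for readability or be dropped. The enclosing doubleJacobian starts and ends outside the hunk, so whether the same reduce-before-subtract discipline is applied to the other coordinate computations cannot be confirmed here.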