Solutionunvalidated
The fix is to add a maximum iteration counter to the outer Tonelli-Shanks loop to prevent infinite loops when given invalid input parameters. — OpenSSL's patch adds a check to limit the maximum number of iterations of the outer while loop. Tension: a reasonable limit would be the number of bits in the prime (or a constant multiple thereof). Outcome: Additionally, stronger validation of the prime `p` parameter would help prevent this attack vector.
bdfa3587-17a5-4325-a365-2d669fac4538
The fix is to add a maximum iteration counter to the outer Tonelli-Shanks loop to prevent infinite loops when given invalid input parameters. — OpenSSL's patch adds a check to limit the maximum number of iterations of the outer while loop. Tension: a reasonable limit would be the number of bits in the prime (or a constant multiple thereof). Outcome: Additionally, stronger validation of the prime p parameter would help prevent this attack vector.