CVE-2023-27560: PrimeField: prevent infinite loop with composite primefields · phpseclib/phpseclib@6298d1c
Math/PrimeField.php in phpseclib through 2.0.41 has an infinite loop with composite primefields.
@@ -263,13 +263,13 @@ public function squareRoot()
$r = $this->value->powMod($temp, static::$modulo[$this->instanceID]);
while (!$t->equals($one)) {
$i = clone $one;
while (!$t->powMod($two->pow($i), static::$modulo[$this->instanceID])->equals($one)) {
$i = $i->add($one);
for ($i == clone $one; $i->compare($m) < 0; $i = $i->add($one)) {
if ($t->powMod($two->pow($i), static::$modulo[$this->instanceID])->equals($one)) {
break;
}
}
if ($i->compare($m) >= 0) {
if ($i->compare($m) == 0) {
return false;
}
$b = $c->powMod($two->pow($m->subtract($i)->subtract($one)), static::$modulo[$this->instanceID]);
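Review bot: The `for` initializer `$i == clone $one` is a comparison, not an assignment, so its result is discarded and the loop does not itself reset `$i` to one. Unless `$i` is assigned separately before the `for`, the first test `$i->compare($m) < 0` runs on whatever `$i` held on entry. The initializer should read `$i = clone $one`. The bounded loop is what stops the search when no `$i` below `$m` satisfies the `powMod(...)->equals($one)` check, so a regression test that calls `squareRoot()` with a composite modulus and expects `false` would pin both the termination and the `return false` branch.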