Account for the cofactor when checking Hasse bound

Fixes #4041
randombit · May 5, 2024 · 2b8cf53 · 2b8cf53
1 parent 7eb9dbb
commit 2b8cf53
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
@@ -782,7 +782,7 @@ bool EC_Group::verify_group(RandomNumberGenerator& rng, bool strong) const {
    }
 
    // check the Hasse bound (roughly)
-   if((p - order).abs().bits() > (p.bits() / 2) + 1) {
+   if((p - get_cofactor() * order).abs().bits() > (p.bits() / 2) + 1) {
       return false;
    }