From 2b8cf53ae0e835c3223461ce68af2ff9a656d5f2 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sun, 5 May 2024 03:05:33 -0400
Subject: [PATCH] Account for the cofactor when checking Hasse bound

Fixes #4041
---
 src/lib/pubkey/ec_group/ec_group.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
index 36f8233e4af..0393cb2a8fb 100644
--- a/src/lib/pubkey/ec_group/ec_group.cpp
+++ b/src/lib/pubkey/ec_group/ec_group.cpp
@@ -782,7 +782,7 @@ bool EC_Group::verify_group(RandomNumberGenerator& rng, bool strong) const {
 }
 // check the Hasse bound (roughly)
- if((p - order).abs().bits() > (p.bits() / 2) + 1) {
+ if((p - get_cofactor() * order).abs().bits() > (p.bits() / 2) + 1) {
 return false;
 }
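Review bot: The rewritten condition `(p - get_cofactor() * order).abs().bits() > (p.bits() / 2) + 1` now depends on the group's declared cofactor, and nothing in this hunk bounds that value. For groups built from explicit, externally supplied parameters, a large declared cofactor paired with a small `order` would satisfy this inequality, so it is worth confirming that verify_group (whose body starts and ends outside this hunk) separately rejects implausible cofactors or undersized orders. The comment could also say what is being compared, e.g. `// check the Hasse bound (roughly): |p - h*n| must fit in about half the bits of p, where h*n is the full curve order`. The diffstat shows only ec_group.cpp changed, so a regression test using a group with cofactor > 1 (presumably the case behind #4041) would be a useful addition.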