The backport commit rC3f48e3ea37ad: ecc: Check the input length for the point. doesn't work well, need to fix.
Description
Description
Details
Details
- External Link
- https://bugs.debian.org/987956
- Version
- 1.8
Revisions and Commits
Revisions and Commits
| rC libgcrypt | |||
| rC5632fa359a8c ecc: Check the input length for the point. | |||
| rCbd662c090bd4 ecc: Fix the previous commit. | |||
| rC5f814e8a4968 ecc: Fix the input length check for Montgomery curve. | |||
Related Objects
Related Objects
Event Timeline
Comment Actions
Note that the handling e part uses standard MPI in 1.8 (while it is done by opaque MPI in 1.9).
Suppose that the data is 33-byte with the prefix 0x40 (=='@'):
@ L1234567 89abcdef ghijklmn opqrstuM
The committed code assumes, it goes to:
Mutsrqpo nmlkjihg fedcba98 7654321L @
with returned rawmpilen = 33.
But actually, on 64-bit machine, it goes to:
Mutsrqpo nmlkjihg fedcba98 7654321L @_______
with length=40.
Comment Actions
FWIW, I think that it is a Bad Thing to use unreleased stuff from 1.8 for Debian packages. Only released versions sshould be used or patches we explicitly made to fix a bug. At the very least Andreas should have asked upstream whether this commit should be used for Sid.