Page MenuHome GnuPG

libgcrypt 1.8 ECDH
Closed, ResolvedPublic

Description

The backport commit rC3f48e3ea37ad: ecc: Check the input length for the point. doesn't work well, need to fix.

Details

External Link
https://bugs.debian.org/987956
Version
1.8

Event Timeline

gniibe triaged this task as High priority.May 6 2021, 5:23 AM
gniibe created this task.

Note that the handling e part uses standard MPI in 1.8 (while it is done by opaque MPI in 1.9).

Suppose that the data is 33-byte with the prefix 0x40 (=='@'):

@ L1234567 89abcdef ghijklmn opqrstuM

The committed code assumes, it goes to:

Mutsrqpo nmlkjihg fedcba98 7654321L @

with returned rawmpilen = 33.

But actually, on 64-bit machine, it goes to:

Mutsrqpo nmlkjihg fedcba98 7654321L @_______

with length=40.

werner added a subscriber: werner.

FWIW, I think that it is a Bad Thing to use unreleased stuff from 1.8 for Debian packages. Only released versions sshould be used or patches we explicitly made to fix a bug. At the very least Andreas should have asked upstream whether this commit should be used for Sid.