Home GnuPG

ecc: Check the input length for the point.

Description

ecc: Check the input length for the point.

* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Check the length
of valid point representation.

In the use case of GnuPG, ECDH decryption for anonymous recipient may
try to decrypt with different curves. When the input data of
ephemeral key does not match one of the private key, it should return
GPG_ERR_INV_OBJ.

  • Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance
gniibeAuthored on Apr 27 2021, 10:24 AM
Parents
rCe866c01e645d: keccak: add hash_buffers functions for SHAKE128 & SHAKE256
Branches
Unknown
Tags
Unknown