ecc: Check the input length for the point.
3f48e3ea37ad
Actions

Description

ecc: Check the input length for the point.

* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Check the length
of valid point representation.

Backport the commit of master:

060c378c050e7ec6206358c681a313d6e1967dcf

In the use case of GnuPG, ECDH decryption for anonymous recipient may
try to decrypt with different curves. When the input data of
ephemeral key does not match one of the private key, it should return
GPG_ERR_INV_OBJ.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance

• gniibe

Authored on Apr 27 2021, 10:24 AM

Parents

rCa5799f1618aa: Fix previous commit

Branches

Unknown

Tags

Unknown

Event Timeline

• gniibe mentioned this in rC060c378c050e: ecc: Check the input length for the point..Apr 28 2021, 3:20 AM

• gniibe mentioned this in T5423: libgcrypt 1.8 ECDH.May 6 2021, 5:23 AM

• werner mentioned this in T5466: Release Libgcrypt 1.8.8.Jun 2 2021, 2:40 PM

• gniibe committed rC3f48e3ea37ad: ecc: Check the input length for the point. (authored by • gniibe).Apr 28 2021, 3:17 AM

Changes (1)

Path

Size

cipher/

ecc-misc.c

rC3f48e3ea37ad

View Options