Home GnuPG

ecc: Check the input length for the point.

Description

ecc: Check the input length for the point.

* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Check the length
of valid point representation.

Backport the commit of master:

060c378c050e7ec6206358c681a313d6e1967dcf

In the use case of GnuPG, ECDH decryption for anonymous recipient may
try to decrypt with different curves. When the input data of
ephemeral key does not match one of the private key, it should return
GPG_ERR_INV_OBJ.

  • Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance
gniibeAuthored on Apr 27 2021, 10:24 AM
Parents
rCa5799f1618aa: Fix previous commit
Branches
Unknown
Tags
Unknown