ecc: Check the input length for the point.
5632fa359a8c
Actions

Description

ecc: Check the input length for the point.

* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Check the length
of valid point representation.

In the use case of GnuPG, ECDH decryption for anonymous recipient may
try to decrypt with different curves. When the input data of
ephemeral key does not match one of the private key, it should return
GPG_ERR_INV_OBJ.

(cherry picked from commit 060c378c050e7ec6206358c681a313d6e1967dcf)
(cherry picked from commit 5f814e8a4968c01a7ffc7762bcaf3ce040594caf)

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
GnuPG-bug-id: T5423

Details

Provenance

• gniibe	Authored on May 6 2021, 6:06 AM
• werner	Committed on Aug 22 2021, 2:11 PM

Parents

rC7529b8e455e3: hwf-x86: fix use of wrong operand type

Branches

Unknown

Tags

Unknown

Tasks

T5423: libgcrypt 1.8 ECDH

Event Timeline

• werner committed rC5632fa359a8c: ecc: Check the input length for the point. (authored by • gniibe).Aug 22 2021, 2:11 PM

• werner added a task: T5423: libgcrypt 1.8 ECDH.Aug 22 2021, 3:23 PM

Changes (1)

Path

Size

cipher/

ecc-misc.c

rC5632fa359a8c

View Options