[PATCH] g10: Fix ECDH secret compressed/uncompressed format

Arnaud Fontaine arnaud.fontaine at ssi.gouv.fr
Tue Oct 25 09:22:11 CEST 2016

Le 25/10/2016 08:48, Werner Koch a écrit :
> On Mon, 24 Oct 2016 11:43, arnaud.fontaine at ssi.gouv.fr said:
>> +        /* Un-compressed format expected, so it must start with 04 */
>> +        log_assert (secret_x[0] == (byte)0x04);
> SECRET_X is user provided data and thus you can't use assert here but
> must return a proper error.
There is an assert for the length of this input in the existing code, that's why
I also used an assert.

> Can you please give examples why you need this patch?
As depicted by the name of the variable, it should contain the shared secret
computed by both parts following the ECDH algorithm, which is the x coordinate
only, not the coordinate pair (x,y). The existing code extracts the x coordinate
from the coordinate pair, but giving only the x coordinate should be also be ok.

>> +    else
>> +      {
>> +        /* Compressed format expected, without leading zeros */
>> +        if (nbytes < secret_x_size)
> Please use an "else if ()" here.
Well, I am sorry but I don't see what test can be done here.

More information about the Gnupg-devel mailing list