Closed zapu closed 6 years ago
Specially crafted PGP message bundle could cause panic when X coordinate of curve25519 shared encryption key was less than 32 bytes.
Can we get this merged upstream? It is just PGP or can it happen outside of PGP?
It's just PGP and only our fork, upstream does not have cv25519 support. Entirely my fault for not checking buffer sizes as well.
Specially crafted PGP message bundle could cause panic when X coordinate of curve25519 shared encryption key was less than 32 bytes.