diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-20 16:49:11 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-21 10:25:15 +0200 |
commit | 460ac3cad0a97a54f10e30e3d6ac0b649474536a (patch) | |
tree | 729507b263e6b4c5d3bec0921534e6bea1216ece | |
parent | 644ec1593efb6d296c611b28e47d8bbcb5e2ef08 (diff) | |
download | gnutls-tmp-oss-fuzz-fix.tar.gz |
_decode_pkcs8_eddsa_key: ensure that the key size read matches the curve sizetmp-oss-fuzz-fix
That is, in the newly introduced ed25519 keys we didn't check
whether the input size in the PKCS#8 file matched the curve
size.
Found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2689
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/x509/privkey_pkcs8.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index 4eabf0b5cd..23b27ec8c3 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -1058,6 +1058,10 @@ _decode_pkcs8_eddsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey, const c return gnutls_assert_val(ret); } + if (tmp.size != ce->size) { + gnutls_free(tmp.data); + return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); + } gnutls_free(pkey->params.raw_priv.data); pkey->params.algo = GNUTLS_PK_EDDSA_ED25519; pkey->params.raw_priv.data = tmp.data; @@ -1338,6 +1342,8 @@ gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, goto cleanup; } + /* This part is necessary to get the public key on certain algorithms. + * In the import above we only get the private key. */ result = _gnutls_pk_fixup(key->pk_algorithm, GNUTLS_IMPORT, &key->params); if (result < 0) { |