summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-11-13 09:24:06 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-11-15 13:43:10 +0100
commitedeea341813d3cad544a2e089ef8192711ac79aa (patch)
treee8a538999b4c7636f67aa9813ec4d4c91ddc19e1
parent123c57a0ad9585e49a24ca72353c01dda26ef96f (diff)
downloadgnutls-edeea341813d3cad544a2e089ef8192711ac79aa.tar.gz
gnutls_x509_privkey_import_ecc_raw(): fail on invalid sizes
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/pubkey.c6
-rw-r--r--lib/x509/privkey.c7
-rw-r--r--tests/key-import-export.c5
-rw-r--r--tests/pubkey-import-export.c5
4 files changed, 23 insertions, 0 deletions
diff --git a/lib/pubkey.c b/lib/pubkey.c
index c8ae879265..aad40beacc 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -1417,6 +1417,12 @@ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key,
gnutls_pk_params_init(&key->params);
if (curve_is_eddsa(curve)) {
+ unsigned size = gnutls_ecc_curve_get_size(curve);
+ if (x->size != size) {
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ goto cleanup;
+ }
+
ret = _gnutls_set_datum(&key->params.raw_pub, x->data, x->size);
if (ret < 0) {
gnutls_assert();
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index a9ce8475fd..1c52ab3a0f 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -1115,8 +1115,15 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key,
key->params.curve = curve;
if (curve_is_eddsa(curve)) {
+ unsigned size;
key->params.algo = GNUTLS_PK_EDDSA_ED25519;
+ size = gnutls_ecc_curve_get_size(curve);
+ if (x->size != size || k->size != size) {
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ goto cleanup;
+ }
+
ret = _gnutls_set_datum(&key->params.raw_pub, x->data, x->size);
if (ret < 0) {
gnutls_assert();
diff --git a/tests/key-import-export.c b/tests/key-import-export.c
index 8fdea07f95..47b8804c32 100644
--- a/tests/key-import-export.c
+++ b/tests/key-import-export.c
@@ -431,6 +431,11 @@ int check_privkey_import_export(void)
if (ret < 0)
fail("error\n");
+ /* test whether an invalid size would fail */
+ ret = gnutls_privkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_rsa_m, NULL, &_rsa_m);
+ if (ret != GNUTLS_E_INVALID_REQUEST)
+ fail("error\n");
+
ret = gnutls_privkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_ed25519_x, NULL, &_ed25519_k);
if (ret < 0)
fail("error\n");
diff --git a/tests/pubkey-import-export.c b/tests/pubkey-import-export.c
index 0f32537b94..46bfb729d9 100644
--- a/tests/pubkey-import-export.c
+++ b/tests/pubkey-import-export.c
@@ -276,6 +276,11 @@ int check_pubkey_import_export(void)
if (ret < 0)
fail("error\n");
+ /* test whether an invalid size would fail */
+ ret = gnutls_pubkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_rsa_m, NULL);
+ if (ret != GNUTLS_E_INVALID_REQUEST)
+ fail("error\n");
+
ret = gnutls_pubkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_ed25519_x, NULL);
if (ret < 0)
fail("error\n");