diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-11-13 09:24:06 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-11-15 13:43:10 +0100 |
| commit | edeea341813d3cad544a2e089ef8192711ac79aa (patch) | |
| tree | e8a538999b4c7636f67aa9813ec4d4c91ddc19e1 | |
| parent | 123c57a0ad9585e49a24ca72353c01dda26ef96f (diff) | |
| download | gnutls-edeea341813d3cad544a2e089ef8192711ac79aa.tar.gz | |
gnutls_x509_privkey_import_ecc_raw(): fail on invalid sizes
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/pubkey.c | 6 | ||||
| -rw-r--r-- | lib/x509/privkey.c | 7 | ||||
| -rw-r--r-- | tests/key-import-export.c | 5 | ||||
| -rw-r--r-- | tests/pubkey-import-export.c | 5 |
4 files changed, 23 insertions, 0 deletions
diff --git a/lib/pubkey.c b/lib/pubkey.c index c8ae879265..aad40beacc 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c @@ -1417,6 +1417,12 @@ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, gnutls_pk_params_init(&key->params); if (curve_is_eddsa(curve)) { + unsigned size = gnutls_ecc_curve_get_size(curve); + if (x->size != size) { + ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + goto cleanup; + } + ret = _gnutls_set_datum(&key->params.raw_pub, x->data, x->size); if (ret < 0) { gnutls_assert(); diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index a9ce8475fd..1c52ab3a0f 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -1115,8 +1115,15 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, key->params.curve = curve; if (curve_is_eddsa(curve)) { + unsigned size; key->params.algo = GNUTLS_PK_EDDSA_ED25519; + size = gnutls_ecc_curve_get_size(curve); + if (x->size != size || k->size != size) { + ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + goto cleanup; + } + ret = _gnutls_set_datum(&key->params.raw_pub, x->data, x->size); if (ret < 0) { gnutls_assert(); diff --git a/tests/key-import-export.c b/tests/key-import-export.c index 8fdea07f95..47b8804c32 100644 --- a/tests/key-import-export.c +++ b/tests/key-import-export.c @@ -431,6 +431,11 @@ int check_privkey_import_export(void) if (ret < 0) fail("error\n"); + /* test whether an invalid size would fail */ + ret = gnutls_privkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_rsa_m, NULL, &_rsa_m); + if (ret != GNUTLS_E_INVALID_REQUEST) + fail("error\n"); + ret = gnutls_privkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_ed25519_x, NULL, &_ed25519_k); if (ret < 0) fail("error\n"); diff --git a/tests/pubkey-import-export.c b/tests/pubkey-import-export.c index 0f32537b94..46bfb729d9 100644 --- a/tests/pubkey-import-export.c +++ b/tests/pubkey-import-export.c @@ -276,6 +276,11 @@ int check_pubkey_import_export(void) if (ret < 0) fail("error\n"); + /* test whether an invalid size would fail */ + ret = gnutls_pubkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_rsa_m, NULL); + if (ret != GNUTLS_E_INVALID_REQUEST) + fail("error\n"); + ret = gnutls_pubkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_ed25519_x, NULL); if (ret < 0) fail("error\n"); |