From d6cb0fb1272292a52b5bc6b3a293fbf7ec043ca4 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 13 Nov 2018 22:49:26 +0100
Subject: _gnutls_x509_read_eddsa_pubkey(): sanity check the input values

Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/x509/key_decode.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c
index 02b381ec85..c20b841654 100644
--- a/lib/x509/key_decode.c
+++ b/lib/x509/key_decode.c
@@ -38,8 +38,9 @@ static int _gnutls_x509_read_dsa_pubkey(uint8_t * der, int dersize,
 gnutls_pk_params_st * params);
 static int _gnutls_x509_read_ecc_pubkey(uint8_t * der, int dersize,
 gnutls_pk_params_st * params);
-static int _gnutls_x509_read_eddsa_pubkey(uint8_t * der, int dersize,
- gnutls_pk_params_st * params);
+static int _gnutls_x509_read_eddsa_pubkey(gnutls_ecc_curve_t curve,
+ uint8_t * der, int dersize,
+ gnutls_pk_params_st * params);
 static int _gnutls_x509_read_gost_pubkey(uint8_t * der, int dersize,
 gnutls_pk_params_st * params);
@@ -114,9 +115,14 @@ _gnutls_x509_read_ecc_pubkey(uint8_t * der, int dersize,
 ¶ms->params[ECC_Y]);
 }
-int _gnutls_x509_read_eddsa_pubkey(uint8_t * der, int dersize,
+int _gnutls_x509_read_eddsa_pubkey(gnutls_ecc_curve_t curve,
+ uint8_t * der, int dersize,
 gnutls_pk_params_st * params)
 {
+ int size = gnutls_ecc_curve_get_size(curve);
+ if (dersize != size)
+ return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+
 return _gnutls_set_datum(¶ms->raw_pub, der, dersize);
 }
@@ -554,7 +560,7 @@ int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t algo, uint8_t * der,
 }
 break;
 case GNUTLS_PK_EDDSA_ED25519:
- ret = _gnutls_x509_read_eddsa_pubkey(der, dersize, params);
+ ret = _gnutls_x509_read_eddsa_pubkey(GNUTLS_ECC_CURVE_ED25519, der, dersize, params);
 break;
 case GNUTLS_PK_GOST_01:
 case GNUTLS_PK_GOST_12_256:
-- 
cgit v1.2.1
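Review bot: In the second hunk, `_gnutls_x509_read_eddsa_pubkey()` compares `dersize` against `gnutls_ecc_curve_get_size(curve)` without first checking that the lookup succeeded; as far as I know that function returns 0 for a curve it does not recognise, in which case an empty key (`dersize == 0`) would satisfy the comparison and be copied into `raw_pub`. The only call site in this patch passes `GNUTLS_ECC_CURVE_ED25519`, so this is not reachable today, but now that the curve is a parameter the guard is cheap: `if (size <= 0 || dersize != size)`. A one-line comment above the check, for example `/* the raw public key must be exactly the curve's key size */`, would record why the length is enforced at parse time rather than left to the code that later consumes `raw_pub`. A regression test that feeds a certificate with a truncated Ed25519 public key and expects `GNUTLS_E_ILLEGAL_PARAMETER` would keep the check from being lost in a later refactor.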