From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 20 Jul 2017 14:49:11 +0000 (+0200)
Subject: _decode_pkcs8_eddsa_key: ensure that the key size read matches the curve size
X-Git-Tag: gnutls_3_6_0~273
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fae0a53388115ea429c752c1a958db85dbc402bb;p=thirdparty%2Fgnutls.git

_decode_pkcs8_eddsa_key: ensure that the key size read matches the curve size

That is, in the newly introduced ed25519 keys we didn't check
whether the input size in the PKCS#8 file matched the curve
size.

Found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2689

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---

diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 620357110f..e5d14a7c8d 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -1056,6 +1056,10 @@ _decode_pkcs8_eddsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey, const c
 			return gnutls_assert_val(ret);
 		}
 
+		if (tmp.size != ce->size) {
+			gnutls_free(tmp.data);
+			return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+		}
 		gnutls_free(pkey->params.raw_priv.data);
 		pkey->params.algo = GNUTLS_PK_EDDSA_ED25519;
 		pkey->params.raw_priv.data = tmp.data;
@@ -1334,6 +1338,8 @@ gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key,
 		goto cleanup;
 	}
 
+	/* This part is necessary to get the public key on certain algorithms.
+	 * In the import above we only get the private key. */
 	result =
 	    _gnutls_pk_fixup(key->pk_algorithm, GNUTLS_IMPORT, &key->params);
 	if (result < 0) {