authorJakub Jelen <jjelen@redhat.com>2020-02-28 18:40:42 +0100
committerJakub Jelen <jjelen@redhat.com>2020-03-18 09:31:42 +0100
commit45a3f29fc37111d4f78138f1b069ca6fdee74189 (patch)
tree38f017abae1f2a6822579c1c7883ce2c70b1b3aa /lib
parent287f02228ed659ba0912e4359fb20171cd47ccb1 (diff)
downloadgnutls-45a3f29fc37111d4f78138f1b069ca6fdee74189.tar.gz
pkcs11_write: Copy data to avoid double-free crashes and properly encode EC_POINT attribute
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/pkcs11_write.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index ab740dcd62..3ce794b076 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -358,7 +358,7 @@ static int add_pubkey(gnutls_pubkey_t pubkey, struct ck_attribute *a, unsigned *
break;
}
case GNUTLS_PK_EDDSA_ED25519: {
- gnutls_datum_t params;
+ gnutls_datum_t params, ecpoint;
ret =
_gnutls_x509_write_ecc_params(pubkey->params.curve,
@@ -373,9 +373,18 @@ static int add_pubkey(gnutls_pubkey_t pubkey, struct ck_attribute *a, unsigned *
a[*a_val].value_len = params.size;
(*a_val)++;
+ ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING,
+ pubkey->params.raw_pub.data,
+ pubkey->params.raw_pub.size,
+ &ecpoint);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
a[*a_val].type = CKA_EC_POINT;
- a[*a_val].value = pubkey->params.raw_pub.data;
- a[*a_val].value_len = pubkey->params.raw_pub.size;
+ a[*a_val].value = ecpoint.data;
+ a[*a_val].value_len = ecpoint.size;
(*a_val)++;
break;
}
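Review bot: The new `return ret` after a failed `_gnutls_x509_encode_string()` exits with `params.data` already stored in the previous attribute slot and `*a_val` already incremented, and nothing in this hunk shows who frees it on that path. If the caller releases every `a[i].value` up to `*a_val` even when `add_pubkey` fails, this is fine; if it does not, the encoded curve parameters leak here. Freeing `params.data` locally is only safe in the second case, since the first would turn it into another double free, so the contract should be confirmed at the call site, which is outside the hunk. I would also state the ownership change next to the assignment, e.g. `/* ecpoint.data is a fresh allocation; the caller frees it with the other attribute values */`, so a later edit does not go back to aliasing `pubkey->params.raw_pub.data`.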