diff options
author | Miloslav Trmač <mitr@redhat.com> | 2010-11-30 22:01:12 +0100 |
---|---|---|
committer | Miloslav Trmač <mitr@redhat.com> | 2010-11-30 22:01:12 +0100 |
commit | f40b36f1711066b7ce87dbcb247ec3646cfd998c (patch) | |
tree | 2b39e586f63ecb6320122c17733e0dee8976406b | |
parent | 9f8c85856ca06788c4eedb16d37f375491948a54 (diff) | |
download | ncrypto-f40b36f1711066b7ce87dbcb247ec3646cfd998c.tar.gz ncrypto-f40b36f1711066b7ce87dbcb247ec3646cfd998c.tar.xz ncrypto-f40b36f1711066b7ce87dbcb247ec3646cfd998c.zip |
Validate structure version and algorithm ID on export
-rw-r--r-- | lib/ncrypto_nss.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/ncrypto_nss.c b/lib/ncrypto_nss.c index afdc5b0..dc250cd 100644 --- a/lib/ncrypto_nss.c +++ b/lib/ncrypto_nss.c @@ -493,6 +493,9 @@ private_key_export_components (struct ncr_private_key *key, PRArenaPool *arena, &der_pki) != SECSuccess) return CKR_GENERAL_ERROR; + if (pki->version.len != 1 || pki->version.data[0] != 0) + return CKR_GENERAL_ERROR; + return CKR_OK; } @@ -957,6 +960,10 @@ ncr_private_key_export_rsa (struct ncr_private_key *key, if (res != CKR_OK) goto end; + res = rsa_validate_algorithm_id (&pki.algorithm); + if (res != CKR_OK) + goto end; + /* Setting type to siUnsignedInteger requests removal of leading zeroes. */ der_output.version.type = siUnsignedInteger; for (i = 0; i < NCR_RSA_PRIVATE_NUM_MPIS; i++) @@ -968,6 +975,12 @@ ncr_private_key_export_rsa (struct ncr_private_key *key, goto end; } + if (der_output.version.len != 1 || der_output.version.data[0] != 0) + { + res = CKR_GENERAL_ERROR; + goto end; + } + res = mpi_output_decoded_SECItems(mpis, der_output.items, NCR_RSA_PRIVATE_NUM_MPIS); |