libckteec: Validate EdDSA mechanism parameter length

This fixes Segmentation fault when no parameter is provided as specified in pkcs11 v3.0 spec for Ed25519 Signature Scheme Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Matej Zachar <[email protected]>
OP-TEE · Nov 29, 2024 · 68a5e80 · 68a5e80
1 parent 0a22c22
commit 68a5e80
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/libckteec/src/serialize_ck.c b/libckteec/src/serialize_ck.c
@@ -674,6 +674,23 @@ static CK_RV serialize_mecha_eddsa(struct serializer *obj,
 {
 	CK_RV rv = CKR_GENERAL_ERROR;
 	CK_EDDSA_PARAMS *params = mecha->pParameter;
+	CK_ULONG params_len = mecha->ulParameterLen;
+	/*
+	 * When no parameter is provided, the expected operation is
+	 * no-prehash and no-context.
+	 */
+	CK_EDDSA_PARAMS default_params = {
+		.phFlag = 0,
+		.ulContextDataLen = 0,
+	};
+
+	if (params_len == 0) {
+		params = &default_params;
+		params_len = sizeof(*params);
+	}
+
+	if (params_len != sizeof(*params))
+		return CKR_ARGUMENTS_BAD;
 
 	rv = serialize_32b(obj, obj->type);
 	if (rv)