From c7f1a82028eecda12231390e76ebd9d8bdf14882 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Tue, 5 Oct 2021 15:39:24 +0200 Subject: openpgp: Fix crash in the CNG backend. --- openpgp/src/crypto/backend/cng/asymmetric.rs | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/openpgp/src/crypto/backend/cng/asymmetric.rs b/openpgp/src/crypto/backend/cng/asymmetric.rs index 5f9addc7..c573acc4 100644 --- a/openpgp/src/crypto/backend/cng/asymmetric.rs +++ b/openpgp/src/crypto/backend/cng/asymmetric.rs @@ -194,8 +194,13 @@ impl Signer for KeyPair { let blob: DsaPrivateBlob = match version { Version::V1 => { let mut group = [0; 20]; - assert!(q.value().len() >= 20); - group[..q.value().len()].copy_from_slice(q.value()); + if let Ok(v) = q.value_padded(group.len()) { + group[..].copy_from_slice(&v); + } else { + return Err(Error::InvalidOperation( + "DSA keys' group parameter exceeds 160 bits" + .to_string()).into()); + } DsaPrivateBlob::V1(Blob::::clone_from_parts( &winapi::shared::bcrypt::BCRYPT_DSA_KEY_BLOB { @@ -485,8 +490,13 @@ impl Key { let blob: DsaPublicBlob = match version { Version::V1 => { let mut group = [0; 20]; - assert!(q.value().len() >= 20); - group[..q.value().len()].copy_from_slice(q.value()); + if let Ok(v) = q.value_padded(group.len()) { + group[..].copy_from_slice(&v); + } else { + return Err(Error::InvalidOperation( + "DSA keys' group parameter exceeds 160 bits" + .to_string()).into()); + } DsaPublicBlob::V1(Blob::::clone_from_parts( &winapi::shared::bcrypt::BCRYPT_DSA_KEY_BLOB { -- cgit v1.2.3