From 6486773583b5983af8250a47cf07eca938e0e422 Mon Sep 17 00:00:00 2001
From: Matej Zachar <zachar.matej@gmail.com>
Date: Fri, 29 Nov 2024 10:01:13 +0100
Subject: [PATCH] libckteec: Validate EdDSA mechanism parameter length

This fixes Segmentation fault when no parameter is provided
as specified in pkcs11 v3.0 spec for Ed25519 Signature Scheme

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Matej Zachar <zachar.matej@gmail.com>
---
 libckteec/src/serialize_ck.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/libckteec/src/serialize_ck.c b/libckteec/src/serialize_ck.c
index f4e7c328..f8b5bf91 100644
--- a/libckteec/src/serialize_ck.c
+++ b/libckteec/src/serialize_ck.c
@@ -674,6 +674,23 @@ static CK_RV serialize_mecha_eddsa(struct serializer *obj,
 {
 	CK_RV rv = CKR_GENERAL_ERROR;
 	CK_EDDSA_PARAMS *params = mecha->pParameter;
+	CK_ULONG params_len = mecha->ulParameterLen;
+	/*
+	 * When no parameter is provided, the expected operation is
+	 * no-prehash and no-context.
+	 */
+	CK_EDDSA_PARAMS default_params = {
+		.phFlag = 0,
+		.ulContextDataLen = 0,
+	};
+
+	if (params_len == 0) {
+		params = &default_params;
+		params_len = sizeof(*params);
+	}
+
+	if (params_len != sizeof(*params))
+		return CKR_ARGUMENTS_BAD;
 
 	rv = serialize_32b(obj, obj->type);
 	if (rv)