Fix ED25519 signing for big files

Yubico · Jan 30, 2024 · 8bb05ff · 8bb05ff
1 parent 94505da
commit 8bb05ff
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
@@ -1535,7 +1535,7 @@ static bool sign_file(ykpiv_state *state, const char *input, const char *output,
   FILE *output_file = NULL;
   int key;
   unsigned int hash_len;
-  unsigned char hashed[EVP_MAX_MD_SIZE * 2] = {0};
+  unsigned char hashed[YKPIV_OBJ_MAX_SIZE] = {0};
   bool ret = false;
   int algo;
   const EVP_MD *md = NULL;
@@ -1570,9 +1570,11 @@ static bool sign_file(ykpiv_state *state, const char *input, const char *output,
       fprintf(stderr, "Signing with X25519 key is not supported\n");
       goto out;
     } else if (algo == YKPIV_ALGO_ED25519) {
-      char buf[1024] = {0};
-      size_t len = fread(buf, 1, 1024, input_file);
-      memcpy(hashed, buf, len);
+      size_t len = fread(hashed, 1, YKPIV_OBJ_MAX_SIZE, input_file);
+      if(len >= YKPIV_OBJ_MAX_SIZE) {
+        fprintf(stderr, "Cannot perform signature. File too big.\n");
+        goto out;
+      }
       hash_len = len;
     } else {
       md = get_hash(hash, NULL, NULL);