From e96e08fd296beabeb8217bfdc1fce21432b6e54d Mon Sep 17 00:00:00 2001
From: Aveen Ismail <aveen.ismail@yubico.com>
Date: Mon, 29 Jan 2024 17:05:32 +0100
Subject: [PATCH] Fix checking in_len when signing

---
 lib/ykpiv.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/ykpiv.c b/lib/ykpiv.c
index f4f9be1c..c8b8b7bc 100644
--- a/lib/ykpiv.c
+++ b/lib/ykpiv.c
@@ -1228,8 +1228,6 @@ static ykpiv_rc _general_authenticate(ykpiv_state *state,
       }
       break;
     case YKPIV_ALGO_ECCP256:
-    case YKPIV_ALGO_ED25519:
-    case YKPIV_ALGO_X25519:
       key_len = 32;
       // fall through
     case YKPIV_ALGO_ECCP384:
@@ -1243,6 +1241,16 @@ static ykpiv_rc _general_authenticate(ykpiv_state *state,
 	      return YKPIV_SIZE_ERROR;
       }
       break;
+    case YKPIV_ALGO_X25519:
+      if(in_len != 32) {
+        return YKPIV_SIZE_ERROR;
+      }
+      break;
+    case YKPIV_ALGO_ED25519:
+      if(in_len > CB_BUF_MAX) {
+        return YKPIV_SIZE_ERROR;
+      }
+      break;
     default:
       return YKPIV_ALGORITHM_ERROR;
   }