diff options
author | Rob Austein <sra@hactrn.net> | 2016-10-26 21:03:56 -0400 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2016-10-26 21:03:56 -0400 |
commit | 1c2e11cde5020e577040d1f18ac07db26dc97210 (patch) | |
tree | 7bd6004d7bfe60dde9c322e9db1b9ffb9bb0da60 | |
parent | dca4161990a2f9286c9400d014645c2ae69a3369 (diff) |
Fix pure-remote-mode hal_rpc_pkey_{sign,verify}().
Pure-remote-mode (where even the hashing is done in the HSM) did not
work, because XDR passes zero length strings rather than NULL string
pointers. Mostly, we use fixed mode, so nobody noticed.
-rw-r--r-- | rpc_pkey.c | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -656,7 +656,7 @@ static hal_error_t pkey_local_sign_rsa(uint8_t *keybuf, const size_t keybuf_len, if (*signature_len > signature_max) return HAL_ERROR_RESULT_TOO_LONG; - if (input == NULL) { + if (input == NULL || input_len == 0) { if ((err = hal_rpc_pkcs1_construct_digestinfo(hash, signature, &input_len, *signature_len)) != HAL_OK) return err; input = signature; @@ -684,7 +684,7 @@ static hal_error_t pkey_local_sign_ecdsa(uint8_t *keybuf, const size_t keybuf_le if ((err = hal_ecdsa_private_key_from_der(&key, keybuf, keybuf_len, der, der_len)) != HAL_OK) return err; - if (input == NULL) { + if (input == NULL || input_len == 0) { hal_digest_algorithm_t alg; if ((err = hal_rpc_hash_get_algorithm(hash, &alg)) != HAL_OK || @@ -788,7 +788,7 @@ static hal_error_t pkey_local_verify_rsa(uint8_t *keybuf, const size_t keybuf_le if (err != HAL_OK) return err; - if (input == NULL) { + if (input == NULL || input_len == 0) { if ((err = hal_rpc_pkcs1_construct_digestinfo(hash, expected, &input_len, sizeof(expected))) != HAL_OK) return err; input = expected; @@ -835,7 +835,7 @@ static hal_error_t pkey_local_verify_ecdsa(uint8_t *keybuf, const size_t keybuf_ if (err != HAL_OK) return err; - if (input == NULL) { + if (input == NULL || input_len == 0) { hal_digest_algorithm_t alg; if ((err = hal_rpc_hash_get_algorithm(hash, &alg)) != HAL_OK || |