aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Selkirk <paul@psgd.org>2019-04-09 00:07:24 -0400
committerPaul Selkirk <paul@psgd.org>2019-04-09 00:07:24 -0400
commit903ba7aeb37f4014c48dc709cc768b8b93010172 (patch)
treeeccd731ccdb2bd9c64173074cb6f58b1577d67ab
parent486416e3c07980ff02141f82a9ed1ecf85c5f4fc (diff)
In pkey_local_sign_hashsig, don't create the digest in the signature
buffer, because hal_hashsig_sign assembles the signature incrementally, and will overwrite the digest before it's ready to sign it.
-rw-r--r--rpc_pkey.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/rpc_pkey.c b/rpc_pkey.c
index a6a5734..b44eb54 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -884,23 +884,27 @@ static hal_error_t pkey_local_sign_hashsig(hal_pkey_slot_t *slot,
if (input == NULL || input_len == 0) {
hal_digest_algorithm_t alg;
+ size_t digest_len;
if ((err = hal_rpc_hash_get_algorithm(hash, &alg)) != HAL_OK ||
- (err = hal_rpc_hash_get_digest_length(alg, &input_len)) != HAL_OK)
+ (err = hal_rpc_hash_get_digest_length(alg, &digest_len)) != HAL_OK)
return err;
- if (input_len > signature_max)
+ if (digest_len > signature_max)
return HAL_ERROR_RESULT_TOO_LONG;
- if ((err = hal_rpc_hash_finalize(hash, signature, input_len)) != HAL_OK)
+ uint8_t digest[digest_len];
+
+ if ((err = hal_rpc_hash_finalize(hash, digest, digest_len)) != HAL_OK)
return err;
- input = signature;
+ err = hal_hashsig_sign(NULL, key, digest, digest_len, signature, signature_len, signature_max);
}
- err = hal_hashsig_sign(NULL, key, input, input_len, signature, signature_len, signature_max);
- key = NULL;
+ else
+ err = hal_hashsig_sign(NULL, key, input, input_len, signature, signature_len, signature_max);
+ key = NULL;
return err;
}