diff options
author | Paul Selkirk <paul@psgd.org> | 2019-04-09 00:07:24 -0400 |
---|---|---|
committer | Paul Selkirk <paul@psgd.org> | 2019-04-09 00:07:24 -0400 |
commit | 903ba7aeb37f4014c48dc709cc768b8b93010172 (patch) | |
tree | eccd731ccdb2bd9c64173074cb6f58b1577d67ab | |
parent | 486416e3c07980ff02141f82a9ed1ecf85c5f4fc (diff) |
In pkey_local_sign_hashsig, don't create the digest in the signature
buffer, because hal_hashsig_sign assembles the signature incrementally,
and will overwrite the digest before it's ready to sign it.
-rw-r--r-- | rpc_pkey.c | 16 |
1 files changed, 10 insertions, 6 deletions
@@ -884,23 +884,27 @@ static hal_error_t pkey_local_sign_hashsig(hal_pkey_slot_t *slot, if (input == NULL || input_len == 0) { hal_digest_algorithm_t alg; + size_t digest_len; if ((err = hal_rpc_hash_get_algorithm(hash, &alg)) != HAL_OK || - (err = hal_rpc_hash_get_digest_length(alg, &input_len)) != HAL_OK) + (err = hal_rpc_hash_get_digest_length(alg, &digest_len)) != HAL_OK) return err; - if (input_len > signature_max) + if (digest_len > signature_max) return HAL_ERROR_RESULT_TOO_LONG; - if ((err = hal_rpc_hash_finalize(hash, signature, input_len)) != HAL_OK) + uint8_t digest[digest_len]; + + if ((err = hal_rpc_hash_finalize(hash, digest, digest_len)) != HAL_OK) return err; - input = signature; + err = hal_hashsig_sign(NULL, key, digest, digest_len, signature, signature_len, signature_max); } - err = hal_hashsig_sign(NULL, key, input, input_len, signature, signature_len, signature_max); - key = NULL; + else + err = hal_hashsig_sign(NULL, key, input, input_len, signature, signature_len, signature_max); + key = NULL; return err; } |