[Cryptech-Commits] [sw/libhal] 01/02: In pkey_local_sign_hashsig, don't create the digest in the signature buffer, because hal_hashsig_sign assembles the signature incrementally, and will overwrite the digest before it's ready to sign it.

git at cryptech.is git at cryptech.is
Tue Apr 9 04:09:29 UTC 2019

Previous message (by thread): [Cryptech-Commits] [sw/libhal] 02/02: Huh, I forgot to add a Python RPC handler for pkey_generate_hashsig, over a year ago.
Next message (by thread): [Cryptech-Commits] [releng/alpha] branch master updated: Update for merge of fmc_clk_60mhz to master and hardware byteswapping.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a commit to branch master
in repository sw/libhal.

commit 903ba7aeb37f4014c48dc709cc768b8b93010172
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Tue Apr 9 00:07:24 2019 -0400

    In pkey_local_sign_hashsig, don't create the digest in the signature
    buffer, because hal_hashsig_sign assembles the signature incrementally,
    and will overwrite the digest before it's ready to sign it.
---
 rpc_pkey.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/rpc_pkey.c b/rpc_pkey.c
index a6a5734..b44eb54 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -884,23 +884,27 @@ static hal_error_t pkey_local_sign_hashsig(hal_pkey_slot_t *slot,
 
   if (input == NULL || input_len == 0) {
     hal_digest_algorithm_t alg;
+    size_t digest_len;
 
     if ((err = hal_rpc_hash_get_algorithm(hash, &alg))          != HAL_OK ||
-        (err = hal_rpc_hash_get_digest_length(alg, &input_len)) != HAL_OK)
+        (err = hal_rpc_hash_get_digest_length(alg, &digest_len)) != HAL_OK)
       return err;
 
-    if (input_len > signature_max)
+    if (digest_len > signature_max)
       return HAL_ERROR_RESULT_TOO_LONG;
 
-    if ((err = hal_rpc_hash_finalize(hash, signature, input_len)) != HAL_OK)
+    uint8_t digest[digest_len];
+
+    if ((err = hal_rpc_hash_finalize(hash, digest, digest_len)) != HAL_OK)
       return err;
 
-    input = signature;
+    err = hal_hashsig_sign(NULL, key, digest, digest_len, signature, signature_len, signature_max);
   }
 
-  err = hal_hashsig_sign(NULL, key, input, input_len, signature, signature_len, signature_max);
-  key = NULL;
+  else
+    err = hal_hashsig_sign(NULL, key, input, input_len, signature, signature_len, signature_max);
 
+  key = NULL;
   return err;
 }

Previous message (by thread): [Cryptech-Commits] [sw/libhal] 02/02: Huh, I forgot to add a Python RPC handler for pkey_generate_hashsig, over a year ago.
Next message (by thread): [Cryptech-Commits] [releng/alpha] branch master updated: Update for merge of fmc_clk_60mhz to master and hardware byteswapping.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Commits mailing list