ykcs11: use a large enough buffer when writing EC signatures
+5
-3
@@ -1942,7 +1942,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Sign)(
|
|||||||
|
|
||||||
*pulSignatureLen = sizeof(op_info.buf);
|
*pulSignatureLen = sizeof(op_info.buf);
|
||||||
|
|
||||||
piv_rv = ykpiv_sign_data(piv_state, op_info.buf, op_info.buf_len, pSignature, pulSignatureLen, op_info.op.sign.algo, op_info.op.sign.key_id);
|
piv_rv = ykpiv_sign_data(piv_state, op_info.buf, op_info.buf_len, op_info.buf, pulSignatureLen, op_info.op.sign.algo, op_info.op.sign.key_id);
|
||||||
if (piv_rv != YKPIV_OK) {
|
if (piv_rv != YKPIV_OK) {
|
||||||
if (piv_rv == YKPIV_AUTHENTICATION_ERROR) {
|
if (piv_rv == YKPIV_AUTHENTICATION_ERROR) {
|
||||||
DBG("Operation requires authentication or touch");
|
DBG("Operation requires authentication or touch");
|
||||||
@@ -1958,13 +1958,13 @@ CK_DEFINE_FUNCTION(CK_RV, C_Sign)(
|
|||||||
|
|
||||||
DBG("Got %lu bytes back", *pulSignatureLen);
|
DBG("Got %lu bytes back", *pulSignatureLen);
|
||||||
#if YKCS11_DBG == 1
|
#if YKCS11_DBG == 1
|
||||||
dump_data(pSignature, *pulSignatureLen, stderr, CK_TRUE, format_arg_hex);
|
dump_data(op_info.buf, *pulSignatureLen, stderr, CK_TRUE, format_arg_hex);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (!is_RSA_mechanism(op_info.mechanism.mechanism)) {
|
if (!is_RSA_mechanism(op_info.mechanism.mechanism)) {
|
||||||
// ECDSA, we must remove the DER encoding and only return R,S
|
// ECDSA, we must remove the DER encoding and only return R,S
|
||||||
// as required by the specs
|
// as required by the specs
|
||||||
strip_DER_encoding_from_ECSIG(pSignature, pulSignatureLen);
|
strip_DER_encoding_from_ECSIG(op_info.buf, pulSignatureLen);
|
||||||
|
|
||||||
DBG("After removing DER encoding %lu", *pulSignatureLen);
|
DBG("After removing DER encoding %lu", *pulSignatureLen);
|
||||||
#if YKCS11_DBG == 1
|
#if YKCS11_DBG == 1
|
||||||
@@ -1972,6 +1972,8 @@ CK_DEFINE_FUNCTION(CK_RV, C_Sign)(
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
memcpy(pSignature, op_info.buf, *pulSignatureLen);
|
||||||
|
|
||||||
op_info.type = YKCS11_NOOP;
|
op_info.type = YKCS11_NOOP;
|
||||||
|
|
||||||
rv = CKR_OK;
|
rv = CKR_OK;
|
||||||
|
|||||||
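Review bot: The added `memcpy(pSignature, op_info.buf, *pulSignatureLen);` in the last hunk has no visible bound against the caller's buffer, because the context line `*pulSignatureLen = sizeof(op_info.buf);` in the first hunk overwrites the capacity the application passed in before it is compared with the signature length. Unless a size check exists earlier in C_Sign (the function starts and ends outside these hunks), an application that supplies a short buffer is written past its end. I would save the incoming value before that assignment, e.g. `CK_ULONG sig_cap = *pulSignatureLen;`, and before the copy add `if (*pulSignatureLen > sig_cap)` returning `CKR_BUFFER_TOO_SMALL` through the function's existing error path. The sign call now also passes `op_info.buf` as both the input and the output of `ykpiv_sign_data`; whether the library tolerates overlapping buffers is not visible here, so a one-line comment stating that it does would help the next reader.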