pkcs11: Skip zero-padding of r and s when preparing EC signature
authorTobias Brunner <tobias@strongswan.org>
Mon, 4 Apr 2016 13:35:43 +0000 (15:35 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 5 Apr 2016 14:17:10 +0000 (16:17 +0200)
They are zero padded to fill the buffer.

Fixes #1377.

src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c

index bfc5459..aec4550 100644 (file)
@@ -295,13 +295,19 @@ METHOD(private_key_t, sign, bool,
                case SIGN_ECDSA_WITH_SHA256_DER:
                case SIGN_ECDSA_WITH_SHA384_DER:
                case SIGN_ECDSA_WITH_SHA512_DER:
-                       /* return an ASN.1 encoded sequence of integers r and s */
+               {
+                       chunk_t r, s;
+
+                       /* return an ASN.1 encoded sequence of integers r and s, removing
+                        * any zero-padding */
                        len /= 2;
+                       r = chunk_skip_zero(chunk_create(buf, len));
+                       s = chunk_skip_zero(chunk_create(buf+len, len));
                        *signature = asn1_wrap(ASN1_SEQUENCE, "mm",
-                                                               asn1_integer("c", chunk_create(buf, len)),
-                                                               asn1_integer("c", chunk_create(buf+len, len)));
+                                                                  asn1_integer("c", r), asn1_integer("c", s));
                        free(buf);
                        break;
+               }
                default:
                        *signature = chunk_create(buf, len);
                        break;