WolfSSL
/
wolfTPM
mirror of https://github.com/wolfSSL/wolfTPM.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix logic for signing with input digest smaller than key size. ZD 19869

pull/418/head
David Garske 2025-05-28 19:47:19 -07:00
parent 761cb4adea
commit 32332fd2bb
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/tpm2_wrap.c
View File

@ -3774,8 +3774,22 @@ int wolfTPM2_SignHashScheme(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
XMEMSET(&signIn, 0, sizeof(signIn)); XMEMSET(&signIn, 0, sizeof(signIn));
signIn.keyHandle = key->handle.hndl; signIn.keyHandle = key->handle.hndl;
signIn.digest.size = digestSz; signIn.digest.size = TPM2_GetHashDigestSize(hashAlg);
XMEMCPY(signIn.digest.buffer, digest, signIn.digest.size); if (signIn.digest.size <= 0) {
return BAD_FUNC_ARG;
}
/* truncate if too large */
if (signIn.digest.size > curveSize) {
signIn.digest.size = curveSize;
}
/* if digest provided is smaller than key size then zero pad leading */
if (signIn.digest.size > digestSz) {
XMEMCPY(&signIn.digest.buffer[signIn.digest.size - digestSz], digest,
digestSz);
}
else {
XMEMCPY(signIn.digest.buffer, digest, digestSz);
}
signIn.inScheme.scheme = sigAlg; signIn.inScheme.scheme = sigAlg;
signIn.inScheme.details.any.hashAlg = hashAlg; signIn.inScheme.details.any.hashAlg = hashAlg;
signIn.validation.tag = TPM_ST_HASHCHECK; signIn.validation.tag = TPM_ST_HASHCHECK;