From fbc9ff84bcfdc72d54b90f65158f5e60c204864c Mon Sep 17 00:00:00 2001 From: Doug Engert Date: Sun, 8 Apr 2018 20:15:13 -0500 Subject: [PATCH] Some cards may return short RSA signatures without leading zero bytes. Add leading zeros to RSA signature so it is the size of modulus. Return modulus length. Changes to be committed: modified: src/libopensc/pkcs15-sec.c --- src/libopensc/pkcs15-sec.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/libopensc/pkcs15-sec.c b/src/libopensc/pkcs15-sec.c index a508cc7b..6ee4fa3c 100644 --- a/src/libopensc/pkcs15-sec.c +++ b/src/libopensc/pkcs15-sec.c @@ -456,6 +456,15 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card, r = use_key(p15card, obj, &senv, sc_compute_signature, tmp, inlen, out, outlen); LOG_TEST_RET(ctx, r, "use_key() failed"); + + /* Some cards may return RSA signature as integer without leading zero bytes */ + /* Already know outlen >= modlen and r >= 0 */ + if (obj->type == SC_PKCS15_TYPE_PRKEY_RSA && (unsigned)r < modlen) { + memmove(out + modlen - r, out, r); + memset(out, 0, modlen - r); + r = modlen; + } + sc_mem_clear(buf, sizeof(buf)); LOG_FUNC_RETURN(ctx, r);