Ensure that RSA signatures have the correct length
TLS Lite generates RSA signatures by converting a large integer that
holds the signature to a byte string. It does not apply any padding so
that if the signature starts with sufficiently many zero bits, the byte
string will be shorter than expected (it should have the same length as
the key's modulus).
This bug was fixed in trunk TLS Lite but is still present in our fork. The
fix in trunk TLS Lite was spread over two commits:
* Add a |howManyBytes| argument to the numberToBytes() method:
https://github.com/trevp/tlslite/commit/
4278f558c2c519684ab35e9fc84887c15a11ea16
* Specify |howManyBytes| when generating an RSA signature:
https://github.com/trevp/tlslite/commit/
0b8b2b4122109f22900ec929432308dd685f1d45
BUG=331761
TEST=Manual
Review URL: https://codereview.chromium.org/168903005
git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@251797 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
diff --git a/README.chromium b/README.chromium
index ed0d793..cd87447 100644
--- a/README.chromium
+++ b/README.chromium
@@ -39,3 +39,5 @@
- patches/fallback_scsv.patch: add support for TLS_FALLBACK_SCSV. See
https://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-01
- patches/status_request.patch: add support for sending stapled OCSP responses.
+- patches/rsa_signature_length.patch: Ensure that RSA signatures have the
+ correct length.
diff --git a/patches/rsa_signature_length.patch b/patches/rsa_signature_length.patch
new file mode 100644
index 0000000..5f936a5
--- /dev/null
+++ b/patches/rsa_signature_length.patch
@@ -0,0 +1,29 @@
+diff --git a/third_party/tlslite/tlslite/utils/RSAKey.py b/third_party/tlslite/tlslite/utils/RSAKey.py
+index 37c292d..1b91742 100644
+--- a/third_party/tlslite/tlslite/utils/RSAKey.py
++++ b/third_party/tlslite/tlslite/utils/RSAKey.py
+@@ -117,7 +117,7 @@ class RSAKey:
+ if m >= self.n:
+ raise ValueError()
+ c = self._rawPrivateKeyOp(m)
+- sigBytes = numberToBytes(c)
++ sigBytes = numberToBytes(c, numBytes(self.n))
+ return sigBytes
+
+ def verify(self, sigBytes, bytes):
+diff --git a/third_party/tlslite/tlslite/utils/cryptomath.py b/third_party/tlslite/tlslite/utils/cryptomath.py
+index 385095d..86da25e 100644
+--- a/third_party/tlslite/tlslite/utils/cryptomath.py
++++ b/third_party/tlslite/tlslite/utils/cryptomath.py
+@@ -129,8 +129,9 @@ def bytesToNumber(bytes):
+ multiplier *= 256
+ return total
+
+-def numberToBytes(n):
+- howManyBytes = numBytes(n)
++def numberToBytes(n, howManyBytes=None):
++ if howManyBytes == None:
++ howManyBytes = numBytes(n)
+ bytes = createByteArrayZeros(howManyBytes)
+ for count in range(howManyBytes-1, -1, -1):
+ bytes[count] = int(n % 256)
diff --git a/tlslite/utils/RSAKey.py b/tlslite/utils/RSAKey.py
index 37c292d..1b91742 100644
--- a/tlslite/utils/RSAKey.py
+++ b/tlslite/utils/RSAKey.py
@@ -117,7 +117,7 @@
if m >= self.n:
raise ValueError()
c = self._rawPrivateKeyOp(m)
- sigBytes = numberToBytes(c)
+ sigBytes = numberToBytes(c, numBytes(self.n))
return sigBytes
def verify(self, sigBytes, bytes):
diff --git a/tlslite/utils/cryptomath.py b/tlslite/utils/cryptomath.py
index 385095d..86da25e 100644
--- a/tlslite/utils/cryptomath.py
+++ b/tlslite/utils/cryptomath.py
@@ -129,8 +129,9 @@
multiplier *= 256
return total
-def numberToBytes(n):
- howManyBytes = numBytes(n)
+def numberToBytes(n, howManyBytes=None):
+ if howManyBytes == None:
+ howManyBytes = numBytes(n)
bytes = createByteArrayZeros(howManyBytes)
for count in range(howManyBytes-1, -1, -1):
bytes[count] = int(n % 256)
