From 86ba2db41123fe4c75041eac7630f9c0af902db8 Mon Sep 17 00:00:00 2001 From: Junyeon LEE Date: Thu, 11 May 2017 00:38:43 +0900 Subject: [PATCH] net/tls: fix ECDSA signature authentication failure This commit fixes misuse of ECDSA signature function in security api. If we use see_get_ecdsa_signature() function with mbedTLS library, it will do hash two times and make wrong signature. Change-Id: Idc5471255c94bfc91cbe7febb46a0e38deb1094a Signed-off-by: Junyeon LEE --- os/net/tls/see_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os/net/tls/see_api.c b/os/net/tls/see_api.c index 6154876..1a03f2e 100644 --- a/os/net/tls/see_api.c +++ b/os/net/tls/see_api.c @@ -186,7 +186,7 @@ int see_get_ecdsa_signature(struct sECC_SIGN *ecc_sign, unsigned char *hash, uns } ISP_CHECKBUSY(); - if ((r = isp_ecdsa_sign_securekey(ecc_sign, hash, hash_len, key_index)) != 0) { + if ((r = isp_ecdsa_sign_md_securekey(ecc_sign, hash, hash_len, key_index)) != 0) { SEE_DEBUG("isp_ecdsa_sign fail %x\n", r); isp_clear(0); if (see_mutex_unlock(&m_handler) != SEE_OK) { -- 2.7.4