Ensure that RSA signatures have the correct length

TLS Lite generates RSA signatures by converting a large integer that
holds the signature to a byte string. It does not apply any padding so
that if the signature starts with sufficiently many zero bits, the byte
string will be shorter than expected (it should have the same length as
the key's modulus).

This bug was fixed in trunk TLS Lite but is still present in our fork. The
fix in trunk TLS Lite was spread over two commits:

* Add a |howManyBytes| argument to the numberToBytes() method:
https://github.com/trevp/tlslite/commit/
    4278f558c2c519684ab35e9fc84887c15a11ea16
* Specify |howManyBytes| when generating an RSA signature:
https://github.com/trevp/tlslite/commit/
    0b8b2b4122109f22900ec929432308dd685f1d45

BUG=331761
TEST=Manual

Review URL: https://codereview.chromium.org/168903005

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@251797 0039d316-1c4b-4281-b951-d872f2087c98

third_party/tlslite/README.chromium

@@ -39,3 +39,5 @@ Local Modifications:
 - patches/fallback_scsv.patch: add support for TLS_FALLBACK_SCSV. See
   https://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-01
 - patches/status_request.patch: add support for sending stapled OCSP responses.
+- patches/rsa_signature_length.patch: Ensure that RSA signatures have the
+  correct length.

third_party/tlslite/patches/rsa_signature_length.patch

+diff --git a/third_party/tlslite/tlslite/utils/RSAKey.py b/third_party/tlslite/tlslite/utils/RSAKey.py
+index 37c292d..1b91742 100644
+--- a/third_party/tlslite/tlslite/utils/RSAKey.py
++++ b/third_party/tlslite/tlslite/utils/RSAKey.py
+@@ -117,7 +117,7 @@ class RSAKey:
+         if m >= self.n:
+             raise ValueError()
+         c = self._rawPrivateKeyOp(m)
+-        sigBytes = numberToBytes(c)
++        sigBytes = numberToBytes(c, numBytes(self.n))
+         return sigBytes
+ 
+     def verify(self, sigBytes, bytes):
+diff --git a/third_party/tlslite/tlslite/utils/cryptomath.py b/third_party/tlslite/tlslite/utils/cryptomath.py
+index 385095d..86da25e 100644
+--- a/third_party/tlslite/tlslite/utils/cryptomath.py
++++ b/third_party/tlslite/tlslite/utils/cryptomath.py
+@@ -129,8 +129,9 @@ def bytesToNumber(bytes):
+         multiplier *= 256
+     return total
+ 
+-def numberToBytes(n):
+-    howManyBytes = numBytes(n)
++def numberToBytes(n, howManyBytes=None):
++    if howManyBytes == None:
++      howManyBytes = numBytes(n)
+     bytes = createByteArrayZeros(howManyBytes)
+     for count in range(howManyBytes-1, -1, -1):
+         bytes[count] = int(n % 256)

third_party/tlslite/tlslite/utils/RSAKey.py

@@ -117,7 +117,7 @@ class RSAKey:
         if m >= self.n:
             raise ValueError()
         c = self._rawPrivateKeyOp(m)
-        sigBytes = numberToBytes(c)
+        sigBytes = numberToBytes(c, numBytes(self.n))
         return sigBytes
 
     def verify(self, sigBytes, bytes):

third_party/tlslite/tlslite/utils/cryptomath.py

@@ -129,7 +129,8 @@ def bytesToNumber(bytes):
         multiplier *= 256
     return total
 
-def numberToBytes(n):
+def numberToBytes(n, howManyBytes=None):
+    if howManyBytes == None:
       howManyBytes = numBytes(n)
     bytes = createByteArrayZeros(howManyBytes)
     for count in range(howManyBytes-1, -1, -1):