source.dussan.org Git - rspamd.git/commit

author	Jan Schär <jan@jschaer.ch>
	Sat, 19 Oct 2024 22:08:36 +0000 (00:08 +0200)
committer	Jan Schär <jan@jschaer.ch>
	Sat, 19 Oct 2024 22:08:36 +0000 (00:08 +0200)
commit	bfd833c73432dd3e178e773f9f02deb43200bd33
tree	0a3d133d56e62a4e896176bcb442585bf1517805	tree \| snapshot
parent	b7f870b6a4629be693eb4dc860fe0930a614a3dd	commit \| diff

[CritFix] Fix ARC-Seal signing

Signing of ARC-Seal headers was recently broken; the created signatures
failed to validate. Most likely, this was caused by commit 1e661a2fc6e3,
which changed the way signatures are created in lua_rsa_sign_memory
without adding the calls to EVP_PKEY_CTX_set_rsa_padding and
EVP_PKEY_CTX_set_signature_md needed with the new interface.

After fixing this, some existing tests failed, because the test values
passed to the hash parameter did not have the correct size for a sha256
hash. I fixed these by adjusting the length of the test values.
Additionally, I extended the "RSA sign" unit test to compare the created
signature against the expected one. This is possible because RSA signing
is deterministic, and should prevent the same bug from occuring again.

Fixes: https://github.com/rspamd/rspamd/issues/5173

src/lua/lua_rsa.c		diff \| blob \| history
test/lua/unit/rsa.lua		diff \| blob \| history
test/lua/unit/test.sig	[new file with mode: 0644]	blob