From 8c6093d121a50bccaaba0ee0b731e8803239ae5b Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Thu, 22 Aug 2013 15:22:15 +0100
Subject: [PATCH] Fix signatures checking.

---
 src/rcl/rcl_util.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/rcl/rcl_util.c b/src/rcl/rcl_util.c
index 57da0af5f..80848e51f 100644
--- a/src/rcl/rcl_util.c
+++ b/src/rcl/rcl_util.c
@@ -393,7 +393,12 @@ rspamd_cl_sig_check (const guchar *data, gsize datalen,
 		const guchar *sig, gsize siglen, struct rspamd_cl_parser *parser)
 {
 	struct rspamd_cl_pubkey *key;
+	gchar dig[EVP_MAX_MD_SIZE];
+	guint diglen;
 	EVP_PKEY_CTX *key_ctx;
+	EVP_MD_CTX *sign_ctx = NULL;
+
+	sign_ctx = EVP_MD_CTX_create ();
 
 	LL_FOREACH (parser->keys, key) {
 		key_ctx = EVP_PKEY_CTX_new (key->key, NULL);
@@ -410,7 +415,12 @@ rspamd_cl_sig_check (const guchar *data, gsize datalen,
 				EVP_PKEY_CTX_free (key_ctx);
 				continue;
 			}
-			if (EVP_PKEY_verify (key_ctx, sig, siglen, data, datalen) == 1) {
+			EVP_DigestInit (sign_ctx, EVP_sha256 ());
+			EVP_DigestUpdate (sign_ctx, data, datalen);
+			EVP_DigestFinal (sign_ctx, dig, &diglen);
+
+			if (EVP_PKEY_verify (key_ctx, sig, siglen, dig, diglen) == 1) {
+				EVP_MD_CTX_destroy (sign_ctx);
 				EVP_PKEY_CTX_free (key_ctx);
 				return TRUE;
 			}
@@ -419,6 +429,8 @@ rspamd_cl_sig_check (const guchar *data, gsize datalen,
 		}
 	}
 
+	EVP_MD_CTX_destroy (sign_ctx);
+
 	return FALSE;
 }
 #endif
-- 
2.39.5