aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIvan Stakhov <50211739+left-try@users.noreply.github.com>2024-10-23 17:09:53 +0300
committerGitHub <noreply@github.com>2024-10-23 17:09:53 +0300
commit1e72912cfbb2cceb0f7572f2e07c432e8ec2ed24 (patch)
tree5d83cecd306d5c22b55e1456bb9da2495dc41a23
parent7ca76b8768adcdd1205b7bc8c7000be3bbc281fe (diff)
parent1ad4dba75b5db1e8f3e6677ad68f09706be15a48 (diff)
downloadrspamd-1e72912cfbb2cceb0f7572f2e07c432e8ec2ed24.tar.gz
rspamd-1e72912cfbb2cceb0f7572f2e07c432e8ec2ed24.zip
Merge branch 'rspamd:master' into master
-rw-r--r--src/libserver/protocol.c1
-rw-r--r--src/lua/lua_rsa.c4
-rw-r--r--src/rspamd_proxy.c1
-rw-r--r--test/lua/unit/rsa.lua24
-rw-r--r--test/lua/unit/test.sig5
5 files changed, 25 insertions, 10 deletions
diff --git a/src/libserver/protocol.c b/src/libserver/protocol.c
index 7d007370b..2dc641dfe 100644
--- a/src/libserver/protocol.c
+++ b/src/libserver/protocol.c
@@ -2092,6 +2092,7 @@ void rspamd_protocol_write_reply(struct rspamd_task *task, ev_tstamp timeout, st
memcpy(&stat_copy, srv->stat, sizeof(stat_copy));
output = rspamd_metrics_to_prometheus_string(
rspamd_worker_metrics_object(srv->cfg, &stat_copy, now - srv->start_time));
+ rspamd_printf_fstring(&output, "# EOF\n");
rspamd_http_message_set_body_from_fstring_steal(msg, output);
ctype = "application/openmetrics-text; version=1.0.0; charset=utf-8";
break;
diff --git a/src/lua/lua_rsa.c b/src/lua/lua_rsa.c
index 4b9aa0354..5f7db606f 100644
--- a/src/lua/lua_rsa.c
+++ b/src/lua/lua_rsa.c
@@ -716,6 +716,8 @@ lua_rsa_verify_memory(lua_State *L)
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
g_assert(pctx != NULL);
g_assert(EVP_PKEY_verify_init(pctx) == 1);
+ g_assert(EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PADDING) == 1);
+ g_assert(EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha256()) == 1);
ret = EVP_PKEY_verify(pctx, signature->str, signature->len, data, sz);
@@ -766,6 +768,8 @@ lua_rsa_sign_memory(lua_State *L)
g_assert(pctx != NULL);
g_assert(EVP_PKEY_sign_init(pctx) == 1);
+ g_assert(EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PADDING) == 1);
+ g_assert(EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha256()) == 1);
size_t slen = signature->allocated;
ret = EVP_PKEY_sign(pctx, signature->str, &slen, data, sz);
diff --git a/src/rspamd_proxy.c b/src/rspamd_proxy.c
index e2a866178..694e87c12 100644
--- a/src/rspamd_proxy.c
+++ b/src/rspamd_proxy.c
@@ -1768,6 +1768,7 @@ rspamd_proxy_scan_self_reply(struct rspamd_task *task)
memcpy(&stat_copy, session->ctx->srv->stat, sizeof(stat_copy));
output = rspamd_metrics_to_prometheus_string(
rspamd_worker_metrics_object(task->cfg, &stat_copy, ev_time() - session->ctx->srv->start_time));
+ rspamd_printf_fstring(&output, "# EOF\n");
rspamd_http_message_set_body_from_fstring_steal(msg, output);
ctype = "application/openmetrics-text; version=1.0.0; charset=utf-8";
break;
diff --git a/test/lua/unit/rsa.lua b/test/lua/unit/rsa.lua
index 019212df4..bc4113ae4 100644
--- a/test/lua/unit/rsa.lua
+++ b/test/lua/unit/rsa.lua
@@ -10,6 +10,7 @@ context("RSA signature verification test", function()
local privkey = 'testkey.sec'
local data = 'test.data'
local signature = 'test.sig'
+ local signature_bytes = 'test.sig_bytes'
local test_dir = string.gsub(debug.getinfo(1).source, "^@(.+/)[^/]+$", "%1")
local rsa_key, rsa_sig
@@ -23,7 +24,10 @@ context("RSA signature verification test", function()
h:update(d)
local sig = rsa.sign_memory(rsa_key, h:bin())
assert_not_nil(sig)
- sig:save(string.format('%s/%s', test_dir, signature), true)
+ sig:save(string.format('%s/%s', test_dir, signature_bytes), true)
+ local sig_actual = string.format('%s\n', sig:base64(80, 'lf'))
+ local sig_expected = io.open(string.format('%s/%s', test_dir, signature), "rb"):read "*a"
+ assert_equal(sig_actual, sig_expected)
end)
test("RSA verify", function()
@@ -33,28 +37,28 @@ context("RSA signature verification test", function()
h:update(d)
rsa_key = rsa_pubkey.load(string.format('%s/%s', test_dir, pubkey))
assert_not_nil(rsa_key)
- rsa_sig = rsa_signature.load(string.format('%s/%s', test_dir, signature))
+ rsa_sig = rsa_signature.load(string.format('%s/%s', test_dir, signature_bytes))
assert_not_nil(rsa_sig)
assert_true(rsa.verify_memory(rsa_key, rsa_sig, h:bin()))
end)
test("RSA keypair + sign + verify", function()
local sk, pk = rsa.keypair()
- local sig = rsa.sign_memory(sk, "test")
- assert_true(rsa.verify_memory(pk, sig, "test"))
- assert_false(rsa.verify_memory(pk, sig, "test1"))
+ local sig = rsa.sign_memory(sk, "test_012345678901234567890123456")
+ assert_true(rsa.verify_memory(pk, sig, "test_012345678901234567890123456"))
+ assert_false(rsa.verify_memory(pk, sig, "blah_012345678901234567890123456"))
-- Overwrite
sk, pk = rsa.keypair()
- assert_false(rsa.verify_memory(pk, sig, "test"))
+ assert_false(rsa.verify_memory(pk, sig, "test_012345678901234567890123456"))
end)
test("RSA-2048 keypair + sign + verify", function()
local sk, pk = rsa.keypair(2048)
- local sig = rsa.sign_memory(sk, "test")
- assert_true(rsa.verify_memory(pk, sig, "test"))
- assert_false(rsa.verify_memory(pk, sig, "test1"))
+ local sig = rsa.sign_memory(sk, "test_012345678901234567890123456")
+ assert_true(rsa.verify_memory(pk, sig, "test_012345678901234567890123456"))
+ assert_false(rsa.verify_memory(pk, sig, "blah_012345678901234567890123456"))
-- Overwrite
sk, pk = rsa.keypair(2048)
- assert_false(rsa.verify_memory(pk, sig, "test"))
+ assert_false(rsa.verify_memory(pk, sig, "test_012345678901234567890123456"))
end)
end)
diff --git a/test/lua/unit/test.sig b/test/lua/unit/test.sig
new file mode 100644
index 000000000..6bf4f48a3
--- /dev/null
+++ b/test/lua/unit/test.sig
@@ -0,0 +1,5 @@
+D3IZyIpD0dzfEG0JCZ53BWQLgkRkek7V6JxeGRod3QqNzbGFbbisOkRUW3m3tYL4J7m29taRPT8Ki+RN
+ NdaPPylijID3E7vdjSY2+c3eajUvlgOCGjEl5kkpYEZeBsO/wJGrS+lucsx/QC/nWJFDGFbiMhbb5HJ/
+ fKguRXIqnIh6Dbp3VonP9k7DjgP0yRz6B9BBUBE/z01SeSfM7Knx83ZUsiAN3U8JEudVO9ahLArwFXST
+ pZDfS3Mn3zbghdXfmwmEFbtaN/SrmBvnEbhvsUfrbChy4Rk4d6wMYa3M83/DcVgxh4yaydlCHhctYBcP
+ gDQg2BrLzVkPCeWOyLicHg==