[CritFix] Fix ARC-Seal signing - rspamd.git - Rapid spam filtering system: https://github.com/rspamd/rspamd

diff options

author	Jan Schär <jan@jschaer.ch>	2024-10-20 00:08:36 +0200
committer	Vsevolod Stakhov <vsevolod@rspamd.com>	2024-10-20 10:05:06 +0100
commit	35537b44221171b44c2ef1b37072305df5bd113b (patch)
tree	57deaef80c8b6d7e433c418ad614e6b5a1ac3f7f /rules
parent	9de95c2b6d3387dd3c9f5540c8de2d0bd3441120 (diff)
download	rspamd-35537b44221171b44c2ef1b37072305df5bd113b.tar.gz rspamd-35537b44221171b44c2ef1b37072305df5bd113b.zip

[CritFix] Fix ARC-Seal signing

Signing of ARC-Seal headers was recently broken; the created signatures failed to validate. Most likely, this was caused by commit 1e661a2fc6e3, which changed the way signatures are created in lua_rsa_sign_memory without adding the calls to EVP_PKEY_CTX_set_rsa_padding and EVP_PKEY_CTX_set_signature_md needed with the new interface. After fixing this, some existing tests failed, because the test values passed to the hash parameter did not have the correct size for a sha256 hash. I fixed these by adjusting the length of the test values. Additionally, I extended the "RSA sign" unit test to compare the created signature against the expected one. This is possible because RSA signing is deterministic, and should prevent the same bug from occuring again. Fixes: https://github.com/rspamd/rspamd/issues/5173

Diffstat (limited to 'rules')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: