diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-06-05 17:02:58 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-06-05 17:02:58 +0100 |
commit | 5658e4bfd4045bf31b2ba9f4e2a31066dc252d67 (patch) | |
tree | 9b3bee9cf8a4823d497362db5f4a4e64c588e555 /src/libcryptobox | |
parent | 0d4bbf0f00d4278e1dc10f205884871f4666b544 (diff) | |
download | rspamd-5658e4bfd4045bf31b2ba9f4e2a31066dc252d67.tar.gz rspamd-5658e4bfd4045bf31b2ba9f4e2a31066dc252d67.zip |
[Fix] Fix NIST signatures
Diffstat (limited to 'src/libcryptobox')
-rw-r--r-- | src/libcryptobox/cryptobox.c | 5 | ||||
-rw-r--r-- | src/libcryptobox/cryptobox.h | 1 | ||||
-rw-r--r-- | src/libcryptobox/keypair.c | 2 |
3 files changed, 5 insertions, 3 deletions
diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c index b58f84418..99c91e3dd 100644 --- a/src/libcryptobox/cryptobox.c +++ b/src/libcryptobox/cryptobox.c @@ -576,6 +576,7 @@ rspamd_cryptobox_sign (guchar *sig, gsize *siglen_p, bool rspamd_cryptobox_verify (const guchar *sig, + gsize siglen, const guchar *m, gsize mlen, const rspamd_pk_t pk, @@ -584,6 +585,7 @@ rspamd_cryptobox_verify (const guchar *sig, bool ret = false; if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) { + g_assert (siglen == rspamd_cryptobox_signature_bytes (RSPAMD_CRYPTOBOX_MODE_25519)); ret = ed25519_verify (sig, m, mlen, pk); } else { @@ -612,8 +614,7 @@ rspamd_cryptobox_verify (const guchar *sig, g_assert (EC_KEY_set_public_key (lk, ec_pub) == 1); /* ECDSA */ - ret = ECDSA_verify (0, h, sizeof (h), sig, - rspamd_cryptobox_signature_bytes (mode), lk) == 1; + ret = ECDSA_verify (0, h, sizeof (h), sig, siglen, lk) == 1; EC_KEY_free (lk); EVP_MD_CTX_destroy (sha_ctx); diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h index e5cdb8f6c..1d48c06e5 100644 --- a/src/libcryptobox/cryptobox.h +++ b/src/libcryptobox/cryptobox.h @@ -214,6 +214,7 @@ void rspamd_cryptobox_sign (guchar *sig, gsize *siglen_p, * @return true if signature is valid, false otherwise */ bool rspamd_cryptobox_verify (const guchar *sig, + gsize siglen, const guchar *m, gsize mlen, const rspamd_pk_t pk, diff --git a/src/libcryptobox/keypair.c b/src/libcryptobox/keypair.c index 50e3614d9..21b497130 100644 --- a/src/libcryptobox/keypair.c +++ b/src/libcryptobox/keypair.c @@ -881,7 +881,7 @@ rspamd_keypair_verify (struct rspamd_cryptobox_pubkey *pk, return FALSE; } - if (!rspamd_cryptobox_verify (sig, data, len, + if (!rspamd_cryptobox_verify (sig, siglen, data, len, rspamd_cryptobox_pubkey_pk (pk, &pklen), pk->alg)) { g_set_error (err, rspamd_keypair_quark (), EPERM, "signature verification failed"); |