aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcryptobox
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2018-06-05 17:02:58 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2018-06-05 17:02:58 +0100
commit5658e4bfd4045bf31b2ba9f4e2a31066dc252d67 (patch)
tree9b3bee9cf8a4823d497362db5f4a4e64c588e555 /src/libcryptobox
parent0d4bbf0f00d4278e1dc10f205884871f4666b544 (diff)
downloadrspamd-5658e4bfd4045bf31b2ba9f4e2a31066dc252d67.tar.gz
rspamd-5658e4bfd4045bf31b2ba9f4e2a31066dc252d67.zip
[Fix] Fix NIST signatures
Diffstat (limited to 'src/libcryptobox')
-rw-r--r--src/libcryptobox/cryptobox.c5
-rw-r--r--src/libcryptobox/cryptobox.h1
-rw-r--r--src/libcryptobox/keypair.c2
3 files changed, 5 insertions, 3 deletions
diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c
index b58f84418..99c91e3dd 100644
--- a/src/libcryptobox/cryptobox.c
+++ b/src/libcryptobox/cryptobox.c
@@ -576,6 +576,7 @@ rspamd_cryptobox_sign (guchar *sig, gsize *siglen_p,
bool
rspamd_cryptobox_verify (const guchar *sig,
+ gsize siglen,
const guchar *m,
gsize mlen,
const rspamd_pk_t pk,
@@ -584,6 +585,7 @@ rspamd_cryptobox_verify (const guchar *sig,
bool ret = false;
if (G_LIKELY (mode == RSPAMD_CRYPTOBOX_MODE_25519)) {
+ g_assert (siglen == rspamd_cryptobox_signature_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
ret = ed25519_verify (sig, m, mlen, pk);
}
else {
@@ -612,8 +614,7 @@ rspamd_cryptobox_verify (const guchar *sig,
g_assert (EC_KEY_set_public_key (lk, ec_pub) == 1);
/* ECDSA */
- ret = ECDSA_verify (0, h, sizeof (h), sig,
- rspamd_cryptobox_signature_bytes (mode), lk) == 1;
+ ret = ECDSA_verify (0, h, sizeof (h), sig, siglen, lk) == 1;
EC_KEY_free (lk);
EVP_MD_CTX_destroy (sha_ctx);
diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h
index e5cdb8f6c..1d48c06e5 100644
--- a/src/libcryptobox/cryptobox.h
+++ b/src/libcryptobox/cryptobox.h
@@ -214,6 +214,7 @@ void rspamd_cryptobox_sign (guchar *sig, gsize *siglen_p,
* @return true if signature is valid, false otherwise
*/
bool rspamd_cryptobox_verify (const guchar *sig,
+ gsize siglen,
const guchar *m,
gsize mlen,
const rspamd_pk_t pk,
diff --git a/src/libcryptobox/keypair.c b/src/libcryptobox/keypair.c
index 50e3614d9..21b497130 100644
--- a/src/libcryptobox/keypair.c
+++ b/src/libcryptobox/keypair.c
@@ -881,7 +881,7 @@ rspamd_keypair_verify (struct rspamd_cryptobox_pubkey *pk,
return FALSE;
}
- if (!rspamd_cryptobox_verify (sig, data, len,
+ if (!rspamd_cryptobox_verify (sig, siglen, data, len,
rspamd_cryptobox_pubkey_pk (pk, &pklen), pk->alg)) {
g_set_error (err, rspamd_keypair_quark (), EPERM,
"signature verification failed");