Skip to content

Commit

Permalink
crypto: fix ieee-p1363 for createVerify
Browse files Browse the repository at this point in the history
Fixes: #31866

PR-URL: #31876
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
  • Loading branch information
tniessen authored and codebytere committed Feb 27, 2020
1 parent 61a0d8b commit d0e94fc
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 10 deletions.
12 changes: 4 additions & 8 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -5323,8 +5323,7 @@ void Verify::VerifyUpdate(const FunctionCallbackInfo<Value>& args) {


SignBase::Error Verify::VerifyFinal(const ManagedEVPPKey& pkey,
const char* sig,
int siglen,
const ByteSource& sig,
int padding,
const Maybe<int>& saltlen,
bool* verify_result) {
Expand All @@ -5345,11 +5344,8 @@ SignBase::Error Verify::VerifyFinal(const ManagedEVPPKey& pkey,
ApplyRSAOptions(pkey, pkctx.get(), padding, saltlen) &&
EVP_PKEY_CTX_set_signature_md(pkctx.get(),
EVP_MD_CTX_md(mdctx.get())) > 0) {
const int r = EVP_PKEY_verify(pkctx.get(),
reinterpret_cast<const unsigned char*>(sig),
siglen,
m,
m_len);
const unsigned char* s = reinterpret_cast<const unsigned char*>(sig.get());
const int r = EVP_PKEY_verify(pkctx.get(), s, sig.size(), m, m_len);
*verify_result = r == 1;
}

Expand Down Expand Up @@ -5394,7 +5390,7 @@ void Verify::VerifyFinal(const FunctionCallbackInfo<Value>& args) {
}

bool verify_result;
Error err = verify->VerifyFinal(pkey, hbuf.data(), hbuf.length(), padding,
Error err = verify->VerifyFinal(pkey, signature, padding,
salt_len, &verify_result);
if (err != kSignOk)
return verify->CheckThrow(err);
Expand Down
3 changes: 1 addition & 2 deletions src/node_crypto.h
Original file line number Diff line number Diff line change
Expand Up @@ -700,8 +700,7 @@ class Verify : public SignBase {
static void Initialize(Environment* env, v8::Local<v8::Object> target);

Error VerifyFinal(const ManagedEVPPKey& key,
const char* sig,
int siglen,
const ByteSource& sig,
int padding,
const v8::Maybe<int>& saltlen,
bool* verify_result);
Expand Down
11 changes: 11 additions & 0 deletions test/parallel/test-crypto-sign-verify.js
Original file line number Diff line number Diff line change
Expand Up @@ -527,6 +527,9 @@ assert.throws(
// Unlike DER signatures, IEEE P1363 signatures have a predictable length.
assert.strictEqual(sig.length, length);
assert.strictEqual(crypto.verify('sha1', data, opts, sig), true);
assert.strictEqual(crypto.createVerify('sha1')
.update(data)
.verify(opts, sig), true);

// Test invalid signature lengths.
for (const i of [-2, -1, 1, 2, 4, 8]) {
Expand All @@ -552,6 +555,14 @@ assert.throws(
ok
);

assert.strictEqual(
crypto.createVerify('sha256').update(data).verify({
key: fixtures.readKey('ec-key.pem'),
dsaEncoding: 'ieee-p1363'
}, extSig),
ok
);

extSig[Math.floor(Math.random() * extSig.length)] ^= 1;
}

Expand Down

0 comments on commit d0e94fc

Please sign in to comment.