From c6bbae44a94250e8a5f6f7c354882ce1ae938d32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Wed, 19 Feb 2020 20:16:14 -0400 Subject: [PATCH] crypto: fix ieee-p1363 for createVerify Fixes: https://github.com/nodejs/node/issues/31866 PR-URL: https://github.com/nodejs/node/pull/31876 Reviewed-By: Ben Noordhuis Reviewed-By: Colin Ihrig Reviewed-By: James M Snell --- src/node_crypto.cc | 12 ++++-------- src/node_crypto.h | 3 +-- test/parallel/test-crypto-sign-verify.js | 11 +++++++++++ 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 43afdaad7fab1d..fa1997fa3dc45a 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -5320,8 +5320,7 @@ void Verify::VerifyUpdate(const FunctionCallbackInfo& args) { SignBase::Error Verify::VerifyFinal(const ManagedEVPPKey& pkey, - const char* sig, - int siglen, + const ByteSource& sig, int padding, const Maybe& saltlen, bool* verify_result) { @@ -5342,11 +5341,8 @@ SignBase::Error Verify::VerifyFinal(const ManagedEVPPKey& pkey, ApplyRSAOptions(pkey, pkctx.get(), padding, saltlen) && EVP_PKEY_CTX_set_signature_md(pkctx.get(), EVP_MD_CTX_md(mdctx.get())) > 0) { - const int r = EVP_PKEY_verify(pkctx.get(), - reinterpret_cast(sig), - siglen, - m, - m_len); + const unsigned char* s = reinterpret_cast(sig.get()); + const int r = EVP_PKEY_verify(pkctx.get(), s, sig.size(), m, m_len); *verify_result = r == 1; } @@ -5391,7 +5387,7 @@ void Verify::VerifyFinal(const FunctionCallbackInfo& args) { } bool verify_result; - Error err = verify->VerifyFinal(pkey, hbuf.data(), hbuf.length(), padding, + Error err = verify->VerifyFinal(pkey, signature, padding, salt_len, &verify_result); if (err != kSignOk) return verify->CheckThrow(err); diff --git a/src/node_crypto.h b/src/node_crypto.h index 4862c160e85072..bc973b0b3ad9e2 100644 --- a/src/node_crypto.h +++ b/src/node_crypto.h @@ -699,8 +699,7 @@ class Verify : public SignBase { static void Initialize(Environment* env, v8::Local target); Error VerifyFinal(const ManagedEVPPKey& key, - const char* sig, - int siglen, + const ByteSource& sig, int padding, const v8::Maybe& saltlen, bool* verify_result); diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js index d98317a3547052..943a542f28fede 100644 --- a/test/parallel/test-crypto-sign-verify.js +++ b/test/parallel/test-crypto-sign-verify.js @@ -527,6 +527,9 @@ common.expectsError( // Unlike DER signatures, IEEE P1363 signatures have a predictable length. assert.strictEqual(sig.length, length); assert.strictEqual(crypto.verify('sha1', data, opts, sig), true); + assert.strictEqual(crypto.createVerify('sha1') + .update(data) + .verify(opts, sig), true); // Test invalid signature lengths. for (const i of [-2, -1, 1, 2, 4, 8]) { @@ -552,6 +555,14 @@ common.expectsError( ok ); + assert.strictEqual( + crypto.createVerify('sha256').update(data).verify({ + key: fixtures.readKey('ec-key.pem'), + dsaEncoding: 'ieee-p1363' + }, extSig), + ok + ); + extSig[Math.floor(Math.random() * extSig.length)] ^= 1; }