crypto: fix ieee-p1363 for createVerify

Fixes: https://github.com/nodejs/node/issues/31866 PR-URL: https://github.com/nodejs/node/pull/31876 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
2024-11-21 10:59:27 +00:00 · 2020-02-19 20:16:14 -04:00 · 2020-02-19 20:16:14 -04:00 · 0e63a079e8
commit 0e63a079e8
parent 21bd6679ce
3 changed files with 16 additions and 10 deletions
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@ -5323,8 +5323,7 @@ void Verify::VerifyUpdate(const FunctionCallbackInfo<Value>& args) {


 SignBase::Error Verify::VerifyFinal(const ManagedEVPPKey& pkey,
-                                    const char* sig,
-                                    int siglen,
+                                    const ByteSource& sig,
                                    int padding,
                                    const Maybe<int>& saltlen,
                                    bool* verify_result) {
@ -5345,11 +5344,8 @@ SignBase::Error Verify::VerifyFinal(const ManagedEVPPKey& pkey,
      ApplyRSAOptions(pkey, pkctx.get(), padding, saltlen) &&
      EVP_PKEY_CTX_set_signature_md(pkctx.get(),
                                    EVP_MD_CTX_md(mdctx.get())) > 0) {
-    const int r = EVP_PKEY_verify(pkctx.get(),
-                                  reinterpret_cast<const unsigned char*>(sig),
-                                  siglen,
-                                  m,
-                                  m_len);
+    const unsigned char* s = reinterpret_cast<const unsigned char*>(sig.get());
+    const int r = EVP_PKEY_verify(pkctx.get(), s, sig.size(), m, m_len);
    *verify_result = r == 1;
  }

@ -5394,7 +5390,7 @@ void Verify::VerifyFinal(const FunctionCallbackInfo<Value>& args) {
  }

  bool verify_result;
-  Error err = verify->VerifyFinal(pkey, hbuf.data(), hbuf.length(), padding,
+  Error err = verify->VerifyFinal(pkey, signature, padding,
                                  salt_len, &verify_result);
  if (err != kSignOk)
    return verify->CheckThrow(err);
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@ -700,8 +700,7 @@ class Verify : public SignBase {
  static void Initialize(Environment* env, v8::Local<v8::Object> target);

  Error VerifyFinal(const ManagedEVPPKey& key,
-                    const char* sig,
-                    int siglen,
+                    const ByteSource& sig,
                    int padding,
                    const v8::Maybe<int>& saltlen,
                    bool* verify_result);
--- a/test/parallel/test-crypto-sign-verify.js
+++ b/test/parallel/test-crypto-sign-verify.js
@ -527,6 +527,9 @@ assert.throws(
    // Unlike DER signatures, IEEE P1363 signatures have a predictable length.
    assert.strictEqual(sig.length, length);
    assert.strictEqual(crypto.verify('sha1', data, opts, sig), true);
+    assert.strictEqual(crypto.createVerify('sha1')
+                             .update(data)
+                             .verify(opts, sig), true);

    // Test invalid signature lengths.
    for (const i of [-2, -1, 1, 2, 4, 8]) {
@ -552,6 +555,14 @@ assert.throws(
      ok
    );

+    assert.strictEqual(
+      crypto.createVerify('sha256').update(data).verify({
+        key: fixtures.readKey('ec-key.pem'),
+        dsaEncoding: 'ieee-p1363'
+      }, extSig),
+      ok
+    );
+
    extSig[Math.floor(Math.random() * extSig.length)] ^= 1;
  }