crypto: fix ieee-p1363 for createVerify

tniessen · codebytere · commit c6bbae44a942 · 2020-03-30T10:59:57.000-07:00
Fixes: #31866 PR-URL: #31876 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -5320,8 +5320,7 @@ void Verify::VerifyUpdate(const FunctionCallbackInfo<Value>& args) {
 
 
 SignBase::Error Verify::VerifyFinal(const ManagedEVPPKey& pkey,
-                                    const char* sig,
-                                    int siglen,
+                                    const ByteSource& sig,
                                     int padding,
                                     const Maybe<int>& saltlen,
                                     bool* verify_result) {
@@ -5342,11 +5341,8 @@ SignBase::Error Verify::VerifyFinal(const ManagedEVPPKey& pkey,
       ApplyRSAOptions(pkey, pkctx.get(), padding, saltlen) &&
       EVP_PKEY_CTX_set_signature_md(pkctx.get(),
                                     EVP_MD_CTX_md(mdctx.get())) > 0) {
-    const int r = EVP_PKEY_verify(pkctx.get(),
-                                  reinterpret_cast<const unsigned char*>(sig),
-                                  siglen,
-                                  m,
-                                  m_len);
+    const unsigned char* s = reinterpret_cast<const unsigned char*>(sig.get());
+    const int r = EVP_PKEY_verify(pkctx.get(), s, sig.size(), m, m_len);
     *verify_result = r == 1;
   }
 
@@ -5391,7 +5387,7 @@ void Verify::VerifyFinal(const FunctionCallbackInfo<Value>& args) {
   }
 
   bool verify_result;
-  Error err = verify->VerifyFinal(pkey, hbuf.data(), hbuf.length(), padding,
+  Error err = verify->VerifyFinal(pkey, signature, padding,
                                   salt_len, &verify_result);
   if (err != kSignOk)
     return verify->CheckThrow(err);
diff --git a/src/node_crypto.h b/src/node_crypto.h
@@ -699,8 +699,7 @@ class Verify : public SignBase {
   static void Initialize(Environment* env, v8::Local<v8::Object> target);
 
   Error VerifyFinal(const ManagedEVPPKey& key,
-                    const char* sig,
-                    int siglen,
+                    const ByteSource& sig,
                     int padding,
                     const v8::Maybe<int>& saltlen,
                     bool* verify_result);
diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
@@ -527,6 +527,9 @@ common.expectsError(
     // Unlike DER signatures, IEEE P1363 signatures have a predictable length.
     assert.strictEqual(sig.length, length);
     assert.strictEqual(crypto.verify('sha1', data, opts, sig), true);
+    assert.strictEqual(crypto.createVerify('sha1')
+                             .update(data)
+                             .verify(opts, sig), true);
 
     // Test invalid signature lengths.
     for (const i of [-2, -1, 1, 2, 4, 8]) {
@@ -552,6 +555,14 @@ common.expectsError(
       ok
     );
 
+    assert.strictEqual(
+      crypto.createVerify('sha256').update(data).verify({
+        key: fixtures.readKey('ec-key.pem'),
+        dsaEncoding: 'ieee-p1363'
+      }, extSig),
+      ok
+    );
+
     extSig[Math.floor(Math.random() * extSig.length)] ^= 1;
   }
 
