QPQ-AG/enacl
10
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sign_verify_detached: guard against size

Browse Source 
The code didn't properly do a size check on a detached signature. Now it
does.

While here, fix a problem with EQC tests, for the same piece of code.
This commit is contained in:
Jesper Louis Andersen 2021-06-15 13:05:48 +02:00
parent 0855ce2f55
commit d6bd999c82
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
c_src/sign.c
View File

@ -468,6 +468,10 @@ enacl_crypto_sign_verify_detached(ErlNifEnv *env, int argc,
return enif_make_badarg(env); return enif_make_badarg(env);
} }
if (sig.size != crypto_sign_BYTES) {
return enif_make_badarg(env);
}
if (pk.size != crypto_sign_PUBLICKEYBYTES) { if (pk.size != crypto_sign_PUBLICKEYBYTES) {
return enif_make_badarg(env); return enif_make_badarg(env);
} }

2
eqc_test/enacl_eqc.erl
View File

@ -419,7 +419,7 @@ signed_message(M) ->
?FAULT(signed_message_bad(), signed_message_good(M)). ?FAULT(signed_message_bad(), signed_message_good(M)).
signed_message_d(M) -> signed_message_d(M) ->
?FAULT(signed_message_bad(), signed_message_good(M)). ?FAULT(signed_message_bad_d(), signed_message_good_d(M)).
signed_message_valid({valid, _}, _) -> true; signed_message_valid({valid, _}, _) -> true;
signed_message_valid({invalid, _}, _) -> true; signed_message_valid({invalid, _}, _) -> true;