Fix creating and validating EdDSA signatures

author Witold Kręcicki <wpk@isc.org>

Thu, 4 Oct 2018 10:19:10 +0000 (12:19 +0200)

committer Michał Kępień <michal@isc.org>

Thu, 4 Oct 2018 10:38:46 +0000 (12:38 +0200)
author Witold Kręcicki <wpk@isc.org>
Thu, 4 Oct 2018 10:19:10 +0000 (12:19 +0200)
committer Michał Kępień <michal@isc.org>
Thu, 4 Oct 2018 10:38:46 +0000 (12:38 +0200)
diff --git a/CHANGES b/CHANGES

index 953764c720d7eb4a0366679cbc8fc800336ff43a..2a60992e5803bf6beca566a5a8f3193fc2164b08 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,7 @@
+5043.  [bug]           Fix creating and validating EdDSA signatures. [GL #579]
+
  5042.  [test]          Make the chained delegations in reclimit behave
-                       like they would in a regular name server. [GL  #578]
+                       like they would in a regular name server. [GL #578]
  
  5041.  [test]          The chain test contains a incomplete delegation.
                         [GL #568]
diff --git a/lib/dns/openssleddsa_link.c b/lib/dns/openssleddsa_link.c

index c3db8a3ca5f7e433d9d6037eec084aaae60d000a..4298df1c2c6be77f96f943932029533a2e5e37c5 100644 (file)
--- a/lib/dns/openssleddsa_link.c
+++ b/lib/dns/openssleddsa_link.c
@@ -355,16 +355,13 @@ openssleddsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
  
         isc_buffer_usedregion(buf, &tbsreg);
  
-       if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey))
+       if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1) {
                 DST_RET(dst__openssl_toresult3(dctx->category,
                                                "EVP_DigestSignInit",
                                                ISC_R_FAILURE));
-       if (EVP_DigestSignUpdate(ctx, tbsreg.base, tbsreg.length) != 1) {
-               DST_RET(dst__openssl_toresult3(dctx->category,
-                                              "EVP_DigestSignUpdate",
-                                              DST_R_SIGNFAILURE));
         }
-       if (EVP_DigestSignFinal(ctx, sigreg.base, &siglen) != 1) {
+       if (EVP_DigestSign(ctx, sigreg.base, &siglen,
+                          tbsreg.base, tbsreg.length) != 1) {
                 DST_RET(dst__openssl_toresult3(dctx->category,
                                                "EVP_DigestSign",
                                                DST_R_SIGNFAILURE));
@@ -423,13 +420,8 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
                                                ISC_R_FAILURE));
         }
  
-       if (EVP_DigestVerifyUpdate(ctx, tbsreg.base, tbsreg.length) != 1) {
-               DST_RET(dst__openssl_toresult3(dctx->category,
-                                              "EVP_DigestVerifyUpdate",
-                                              ISC_R_FAILURE));
-       }
-
-       status = EVP_DigestVerifyFinal(ctx, sig->base, siglen);
+       status = EVP_DigestVerify(ctx, sig->base, siglen,
+                                 tbsreg.base, tbsreg.length);
  
         switch (status) {
         case 1:
author	Witold Kręcicki <wpk@isc.org>
	Thu, 4 Oct 2018 10:19:10 +0000 (12:19 +0200)
committer	Michał Kępień <michal@isc.org>
	Thu, 4 Oct 2018 10:38:46 +0000 (12:38 +0200)
CHANGES		patch \| blob \| blame \| history
lib/dns/openssleddsa_link.c		patch \| blob \| blame \| history