EdDSA verifiers now reject overly long signatures

- see https://github.com/bcgit/bc-java/issues/508
author: Peter Dettman <peter.dettman@bouncycastle.org> 2019-04-30 21:29:35 +0700
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2019-04-30 21:29:35 +0700
commit: 0e7c96c131e921612e5521f33f57f319c9a6605f (patch)
tree: beca8c87111c7b4ca05399209e89b109653a5177 /crypto/src
parent: Merge branch 'kakkerlakgly-patch-3' (diff)
download: BouncyCastle.NET-ed25519-0e7c96c131e921612e5521f33f57f319c9a6605f.tar.xz
5 files changed, 13 insertions, 0 deletions
diff --git a/crypto/src/crypto/signers/Ed25519Signer.cs b/crypto/src/crypto/signers/Ed25519Signer.cs
index ef8714188..a916601e6 100644
--- a/crypto/src/crypto/signers/Ed25519Signer.cs
+++ b/crypto/src/crypto/signers/Ed25519Signer.cs
@@ -99,6 +99,9 @@ namespace Org.BouncyCastle.Crypto.Signers
 
             internal bool VerifySignature(Ed25519PublicKeyParameters publicKey, byte[] signature)
             {
+                if (Ed25519.SignatureSize != signature.Length)
+                    return false;
+
                 lock (this)
                 {
 #if PORTABLE
diff --git a/crypto/src/crypto/signers/Ed25519ctxSigner.cs b/crypto/src/crypto/signers/Ed25519ctxSigner.cs
index 60c708019..ab7201b62 100644
--- a/crypto/src/crypto/signers/Ed25519ctxSigner.cs
+++ b/crypto/src/crypto/signers/Ed25519ctxSigner.cs
@@ -101,6 +101,9 @@ namespace Org.BouncyCastle.Crypto.Signers
 
             internal bool VerifySignature(Ed25519PublicKeyParameters publicKey, byte[] ctx, byte[] signature)
             {
+                if (Ed25519.SignatureSize != signature.Length)
+                    return false;
+
                 lock (this)
                 {
 #if PORTABLE
diff --git a/crypto/src/crypto/signers/Ed25519phSigner.cs b/crypto/src/crypto/signers/Ed25519phSigner.cs
index 548ca1f29..2538b16f5 100644
--- a/crypto/src/crypto/signers/Ed25519phSigner.cs
+++ b/crypto/src/crypto/signers/Ed25519phSigner.cs
@@ -75,6 +75,8 @@ namespace Org.BouncyCastle.Crypto.Signers
         {
             if (forSigning || null == publicKey)
                 throw new InvalidOperationException("Ed25519phSigner not initialised for verification");
+            if (Ed25519.SignatureSize != signature.Length)
+                return false;
 
             byte[] pk = publicKey.GetEncoded();
             return Ed25519.VerifyPrehash(signature, 0, pk, 0, context, prehash);
diff --git a/crypto/src/crypto/signers/Ed448Signer.cs b/crypto/src/crypto/signers/Ed448Signer.cs
index 0863e5dd1..b0563d544 100644
--- a/crypto/src/crypto/signers/Ed448Signer.cs
+++ b/crypto/src/crypto/signers/Ed448Signer.cs
@@ -101,6 +101,9 @@ namespace Org.BouncyCastle.Crypto.Signers
 
             internal bool VerifySignature(Ed448PublicKeyParameters publicKey, byte[] ctx, byte[] signature)
             {
+                if (Ed448.SignatureSize != signature.Length)
+                    return false;
+
                 lock (this)
                 {
 #if PORTABLE
diff --git a/crypto/src/crypto/signers/Ed448phSigner.cs b/crypto/src/crypto/signers/Ed448phSigner.cs
index 8f451f9e8..d656c1392 100644
--- a/crypto/src/crypto/signers/Ed448phSigner.cs
+++ b/crypto/src/crypto/signers/Ed448phSigner.cs
@@ -75,6 +75,8 @@ namespace Org.BouncyCastle.Crypto.Signers
         {
             if (forSigning || null == publicKey)
                 throw new InvalidOperationException("Ed448phSigner not initialised for verification");
+            if (Ed448.SignatureSize != signature.Length)
+                return false;
 
             byte[] pk = publicKey.GetEncoded();
             return Ed448.VerifyPrehash(signature, 0, pk, 0, context, prehash);
author	Peter Dettman <peter.dettman@bouncycastle.org>	2019-04-30 21:29:35 +0700
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2019-04-30 21:29:35 +0700
commit	0e7c96c131e921612e5521f33f57f319c9a6605f (patch)
tree	beca8c87111c7b4ca05399209e89b109653a5177 /crypto/src
parent	Merge branch 'kakkerlakgly-patch-3' (diff)
download	BouncyCastle.NET-ed25519-0e7c96c131e921612e5521f33f57f319c9a6605f.tar.xz