nodejs · tniessen · Feb 20, 2020
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -5323,8 +5323,7 @@ void Verify::VerifyUpdate(const FunctionCallbackInfo<Value>& args) {
 
 
 SignBase::Error Verify::VerifyFinal(const ManagedEVPPKey& pkey,
-                                    const char* sig,
-                                    int siglen,
+                                    const ByteSource& sig,
                                     int padding,
                                     const Maybe<int>& saltlen,
                                     bool* verify_result) {
@@ -5345,11 +5344,8 @@ SignBase::Error Verify::VerifyFinal(const ManagedEVPPKey& pkey,
       ApplyRSAOptions(pkey, pkctx.get(), padding, saltlen) &&
       EVP_PKEY_CTX_set_signature_md(pkctx.get(),
                                     EVP_MD_CTX_md(mdctx.get())) > 0) {
-    const int r = EVP_PKEY_verify(pkctx.get(),
-                                  reinterpret_cast<const unsigned char*>(sig),
-                                  siglen,
-                                  m,
-                                  m_len);
+    const unsigned char* s = reinterpret_cast<const unsigned char*>(sig.get());
+    const int r = EVP_PKEY_verify(pkctx.get(), s, sig.size(), m, m_len);
     *verify_result = r == 1;
   }
 
@@ -5394,7 +5390,7 @@ void Verify::VerifyFinal(const FunctionCallbackInfo<Value>& args) {
   }
 
   bool verify_result;
-  Error err = verify->VerifyFinal(pkey, hbuf.data(), hbuf.length(), padding,
+  Error err = verify->VerifyFinal(pkey, signature, padding,
                                   salt_len, &verify_result);
   if (err != kSignOk)
     return verify->CheckThrow(err);

diff --git a/src/node_crypto.h b/src/node_crypto.h
@@ -700,8 +700,7 @@ class Verify : public SignBase {
   static void Initialize(Environment* env, v8::Local<v8::Object> target);
 
   Error VerifyFinal(const ManagedEVPPKey& key,
-                    const char* sig,
-                    int siglen,
+                    const ByteSource& sig,
                     int padding,
                     const v8::Maybe<int>& saltlen,
                     bool* verify_result);

diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
@@ -527,6 +527,9 @@ assert.throws(
     // Unlike DER signatures, IEEE P1363 signatures have a predictable length.
     assert.strictEqual(sig.length, length);
     assert.strictEqual(crypto.verify('sha1', data, opts, sig), true);
+    assert.strictEqual(crypto.createVerify('sha1')
+                             .update(data)
+                             .verify(opts, sig), true);
 
     // Test invalid signature lengths.
     for (const i of [-2, -1, 1, 2, 4, 8]) {
@@ -552,6 +555,14 @@ assert.throws(
       ok
     );
 
+    assert.strictEqual(
+      crypto.createVerify('sha256').update(data).verify({
+        key: fixtures.readKey('ec-key.pem'),
+        dsaEncoding: 'ieee-p1363'
+      }, extSig),
+      ok
+    );
+
     extSig[Math.floor(Math.random() * extSig.length)] ^= 1;
   }