Skip to content

Commit

Permalink
Critical security fix in verifyWithMessage
Browse files Browse the repository at this point in the history
  • Loading branch information
@CMEONE
CMEONE committed Jun 15, 2021
1 parent 4e7169c commit a121b34
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion node/tenvoy.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2166,7 +2166,7 @@ function tEnvoyNaClSigningKey(key, type = "secret", password = null, passwordPro
throw "tEnvoyNaClSigningKey Fatal Error: Invalid signature.";
}
let hash = _tEnvoy.util.hexToBytes(signed.split("::")[0]);
return this.verify(signed, password) && _tEnvoy.util.bytesToHex(_nacl.hash(_tEnvoy.util.pack(message))) == _tEnvoy.util.bytesToHex(hash);
return this.verify(signed, password).verified && _tEnvoy.util.bytesToHex(_nacl.hash(_tEnvoy.util.pack(message))) == _tEnvoy.util.bytesToHex(hash);
}

this.toPublic = (password = null) => {
Expand Down
2 changes: 1 addition & 1 deletion tenvoy.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48183,7 +48183,7 @@ function tEnvoyNaClSigningKey(key, type = "secret", password = null, passwordPro
throw "tEnvoyNaClSigningKey Fatal Error: Invalid signature.";
}
let hash = _tEnvoy.util.hexToBytes(signed.split("::")[0]);
return this.verify(signed, password) && _tEnvoy.util.bytesToHex(_nacl.hash(_tEnvoy.util.pack(message))) == _tEnvoy.util.bytesToHex(hash);
return this.verify(signed, password).verified && _tEnvoy.util.bytesToHex(_nacl.hash(_tEnvoy.util.pack(message))) == _tEnvoy.util.bytesToHex(hash);
}

this.toPublic = (password = null) => {
Expand Down

0 comments on commit a121b34

Please sign in to comment.