X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fopenssl%2Fecdsa.c;h=c3b9683334c36077e7a4d7812f91d41a049d5f34;hb=73863fab8ae1ecd8307aaeef486919cc76b85d63;hp=84fe8fd93ce1c55d40823ebeb0b2c41bdf4db8d6;hpb=95e1cc36d320b47408ac3ec6f89df54e55a010d4;p=tinc

diff --git a/src/openssl/ecdsa.c b/src/openssl/ecdsa.c
index 84fe8fd9..c3b96833 100644
--- a/src/openssl/ecdsa.c
+++ b/src/openssl/ecdsa.c
@@ -70,12 +70,38 @@ size_t ecdsa_size(ecdsa_t *ecdsa) {
 	return ECDSA_size(*ecdsa);
 }
 
+// TODO: standardise output format?
+
 bool ecdsa_sign(ecdsa_t *ecdsa, const void *in, size_t len, void *sig) {
-	logger(LOG_ERR, "Unable to perform ECDSA signature: %s", ERR_error_string(ERR_get_error(), NULL));
-	return false;	
+	unsigned int siglen = ECDSA_size(*ecdsa);
+
+	char hash[SHA512_DIGEST_LENGTH];
+	SHA512(in, len, hash);
+
+	memset(sig, 0, siglen);
+
+	if(!ECDSA_sign(0, hash, sizeof hash, sig, &siglen, *ecdsa)) {
+		logger(LOG_DEBUG, "ECDSA_sign() failed: %s", ERR_error_string(ERR_get_error(), NULL));
+		return false;
+	}
+
+	if(siglen != ECDSA_size(*ecdsa)) {
+		logger(LOG_ERR, "Signature length %d != %d", siglen, ECDSA_size(*ecdsa));
+	}
+
+	return true;
 }
 
 bool ecdsa_verify(ecdsa_t *ecdsa, const void *in, size_t len, const void *sig) {
-	logger(LOG_ERR, "Unable to perform ECDSA verification: %s", ERR_error_string(ERR_get_error(), NULL));
-	return false;	
+	unsigned int siglen = ECDSA_size(*ecdsa);
+
+	char hash[SHA512_DIGEST_LENGTH];
+	SHA512(in, len, hash);
+
+	if(!ECDSA_verify(0, hash, sizeof hash, sig, siglen, *ecdsa)) {
+		logger(LOG_DEBUG, "ECDSA_verify() failed: %s", ERR_error_string(ERR_get_error(), NULL));
+		return false;
+	}
+
+	return true;
 }