projects
/
tinc
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
8132be8
)
Hash input before signing it with ECDSA.
author
Guus Sliepen
<guus@tinc-vpn.org>
Fri, 8 Jul 2011 16:17:34 +0000
(18:17 +0200)
committer
Guus Sliepen
<guus@tinc-vpn.org>
Fri, 8 Jul 2011 16:17:34 +0000
(18:17 +0200)
src/openssl/ecdsa.c
patch
|
blob
|
history
diff --git
a/src/openssl/ecdsa.c
b/src/openssl/ecdsa.c
index
000bfaa
..
c3b9683
100644
(file)
--- a/
src/openssl/ecdsa.c
+++ b/
src/openssl/ecdsa.c
@@
-70,13
+70,17
@@
size_t ecdsa_size(ecdsa_t *ecdsa) {
return ECDSA_size(*ecdsa);
}
return ECDSA_size(*ecdsa);
}
-// TODO:
hash first,
standardise output format?
+// TODO: standardise output format?
bool ecdsa_sign(ecdsa_t *ecdsa, const void *in, size_t len, void *sig) {
unsigned int siglen = ECDSA_size(*ecdsa);
bool ecdsa_sign(ecdsa_t *ecdsa, const void *in, size_t len, void *sig) {
unsigned int siglen = ECDSA_size(*ecdsa);
+
+ char hash[SHA512_DIGEST_LENGTH];
+ SHA512(in, len, hash);
+
memset(sig, 0, siglen);
memset(sig, 0, siglen);
- if(!ECDSA_sign(0,
in, len
, sig, &siglen, *ecdsa)) {
+ if(!ECDSA_sign(0,
hash, sizeof hash
, sig, &siglen, *ecdsa)) {
logger(LOG_DEBUG, "ECDSA_sign() failed: %s", ERR_error_string(ERR_get_error(), NULL));
return false;
}
logger(LOG_DEBUG, "ECDSA_sign() failed: %s", ERR_error_string(ERR_get_error(), NULL));
return false;
}
@@
-91,7
+95,10
@@
bool ecdsa_sign(ecdsa_t *ecdsa, const void *in, size_t len, void *sig) {
bool ecdsa_verify(ecdsa_t *ecdsa, const void *in, size_t len, const void *sig) {
unsigned int siglen = ECDSA_size(*ecdsa);
bool ecdsa_verify(ecdsa_t *ecdsa, const void *in, size_t len, const void *sig) {
unsigned int siglen = ECDSA_size(*ecdsa);
- if(!ECDSA_verify(0, in, len, sig, siglen, *ecdsa)) {
+ char hash[SHA512_DIGEST_LENGTH];
+ SHA512(in, len, hash);
+
+ if(!ECDSA_verify(0, hash, sizeof hash, sig, siglen, *ecdsa)) {
logger(LOG_DEBUG, "ECDSA_verify() failed: %s", ERR_error_string(ERR_get_error(), NULL));
return false;
}
logger(LOG_DEBUG, "ECDSA_verify() failed: %s", ERR_error_string(ERR_get_error(), NULL));
return false;
}