diff options
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_ec_private_key.c')
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_ec_private_key.c | 101 |
1 files changed, 48 insertions, 53 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index aeab15f26..d6b442ae9 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id: openssl_ec_private_key.c 4317 2008-09-02 11:00:13Z martin $ */ #include "openssl_ec_private_key.h" @@ -130,36 +128,18 @@ static bool sig2chunk(const EC_GROUP *group, ECDSA_SIG *sig, chunk_t *chunk) * Build the signature */ static bool build_signature(private_openssl_ec_private_key_t *this, - int hash_type, chunk_t data, chunk_t *signature) + chunk_t hash, chunk_t *signature) { - chunk_t hash = chunk_empty; - ECDSA_SIG *sig; - bool ret = FALSE; - - if (!openssl_hash_chunk(hash_type, data, &hash)) - { - return FALSE; - } - - sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec); + ECDSA_SIG *sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec); + bool success; + if (!sig) { - goto error; - } - - if (!sig2chunk(EC_KEY_get0_group(this->ec), sig, signature)) - { - goto error; - } - - ret = TRUE; -error: - chunk_free(&hash); - if (sig) - { - ECDSA_SIG_free(sig); + return FALSE; } - return ret; + success = sig2chunk(EC_KEY_get0_group(this->ec), sig, signature); + ECDSA_SIG_free(sig); + return success; } /** @@ -176,36 +156,51 @@ static key_type_t get_type(private_openssl_ec_private_key_t *this) static bool sign(private_openssl_ec_private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature) { - EC_GROUP *req_group; - const EC_GROUP *my_group; - int hash, curve; - - if (!lookup_scheme(scheme, &hash, &curve)) - { - DBG1("signature scheme %N not supported in EC", - signature_scheme_names, scheme); - return FALSE; - } - - req_group = EC_GROUP_new_by_curve_name(curve); - if (!req_group) + bool success; + + if (scheme == SIGN_ECDSA_WITH_NULL) { - DBG1("signature scheme %N not supported in EC (required curve not supported)", - signature_scheme_names, scheme); - return FALSE; + success = build_signature(this, data, signature); } - - my_group = EC_KEY_get0_group(this->ec); - if (EC_GROUP_cmp(my_group, req_group, NULL) != 0) + else { - DBG1("signature scheme %N not supported by private key", - signature_scheme_names, scheme); - return FALSE; - } + EC_GROUP *req_group; + const EC_GROUP *my_group; + chunk_t hash = chunk_empty; + int hash_type, curve; + + if (!lookup_scheme(scheme, &hash_type, &curve)) + { + DBG1("signature scheme %N not supported in EC", + signature_scheme_names, scheme); + return FALSE; + } - EC_GROUP_free(req_group); + req_group = EC_GROUP_new_by_curve_name(curve); + if (!req_group) + { + DBG1("signature scheme %N not supported in EC (required curve not supported)", + signature_scheme_names, scheme); + return FALSE; + } - return build_signature(this, hash, data, signature); + my_group = EC_KEY_get0_group(this->ec); + if (EC_GROUP_cmp(my_group, req_group, NULL) != 0) + { + DBG1("signature scheme %N not supported by private key", + signature_scheme_names, scheme); + return FALSE; + } + EC_GROUP_free(req_group); + + if (!openssl_hash_chunk(hash_type, data, &hash)) + { + return FALSE; + } + success = build_signature(this, hash, signature); + chunk_free(&hash); + } + return success; } /** |