X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;ds=sidebyside;f=src%2Fopenssl%2Fecdsa.c;h=1c74163e1a1d82cee91c0814fbb36e6e11b3aa71;hb=d917c8cb6b69475d568ccbe82389b9f2b3eb5e80;hp=43464d8835b60c9c37280c682b14e2696965d5f3;hpb=30ef2a981e1d62692b3a2363e0b3a0e8711d9604;p=tinc diff --git a/src/openssl/ecdsa.c b/src/openssl/ecdsa.c index 43464d88..1c74163e 100644 --- a/src/openssl/ecdsa.c +++ b/src/openssl/ecdsa.c @@ -30,15 +30,19 @@ // bool ecdsa_set_base64_public_key(ecdsa_t *ecdsa, const char *p) { *ecdsa = EC_KEY_new_by_curve_name(NID_secp521r1); + if(!*ecdsa) { + logger(DEBUG_ALWAYS, LOG_DEBUG, "EC_KEY_new_by_curve_name failed: %s", ERR_error_string(ERR_get_error(), NULL)); + return false; + } int len = strlen(p); unsigned char pubkey[len / 4 * 3 + 3]; const unsigned char *ppubkey = pubkey; - len = b64decode(p, pubkey, len); + len = b64decode(p, (char *)pubkey, len); if(!o2i_ECPublicKey(ecdsa, &ppubkey, len)) { - logger(LOG_DEBUG, "o2i_ECPublicKey failed: %s", ERR_error_string(ERR_get_error(), NULL)); - abort(); + logger(DEBUG_ALWAYS, LOG_DEBUG, "o2i_ECPublicKey failed: %s", ERR_error_string(ERR_get_error(), NULL)); + return false; } return true; @@ -49,7 +53,7 @@ char *ecdsa_get_base64_public_key(ecdsa_t *ecdsa) { int len = i2o_ECPublicKey(*ecdsa, &pubkey); char *base64 = malloc(len * 4 / 3 + 5); - b64encode(pubkey, base64, len); + b64encode((char *)pubkey, base64, len); free(pubkey); @@ -64,7 +68,7 @@ bool ecdsa_read_pem_public_key(ecdsa_t *ecdsa, FILE *fp) { if(*ecdsa) return true; - logger(LOG_ERR, "Unable to read ECDSA public key: %s", ERR_error_string(ERR_get_error(), NULL)); + logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read ECDSA public key: %s", ERR_error_string(ERR_get_error(), NULL)); return false; } @@ -73,8 +77,8 @@ bool ecdsa_read_pem_private_key(ecdsa_t *ecdsa, FILE *fp) { if(*ecdsa) return true; - - logger(LOG_ERR, "Unable to read ECDSA private key: %s", ERR_error_string(ERR_get_error(), NULL)); + + logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read ECDSA private key: %s", ERR_error_string(ERR_get_error(), NULL)); return false; } @@ -87,31 +91,27 @@ size_t ecdsa_size(ecdsa_t *ecdsa) { bool ecdsa_sign(ecdsa_t *ecdsa, const void *in, size_t len, void *sig) { unsigned int siglen = ECDSA_size(*ecdsa); - char hash[SHA512_DIGEST_LENGTH]; + unsigned char hash[SHA512_DIGEST_LENGTH]; SHA512(in, len, hash); memset(sig, 0, siglen); if(!ECDSA_sign(0, hash, sizeof hash, sig, &siglen, *ecdsa)) { - logger(LOG_DEBUG, "ECDSA_sign() failed: %s", ERR_error_string(ERR_get_error(), NULL)); + logger(DEBUG_ALWAYS, LOG_DEBUG, "ECDSA_sign() failed: %s", ERR_error_string(ERR_get_error(), NULL)); return false; } - if(siglen != ECDSA_size(*ecdsa)) { - logger(LOG_ERR, "Signature length %d != %d", siglen, ECDSA_size(*ecdsa)); - } - return true; } bool ecdsa_verify(ecdsa_t *ecdsa, const void *in, size_t len, const void *sig) { unsigned int siglen = ECDSA_size(*ecdsa); - char hash[SHA512_DIGEST_LENGTH]; + unsigned char hash[SHA512_DIGEST_LENGTH]; SHA512(in, len, hash); if(!ECDSA_verify(0, hash, sizeof hash, sig, siglen, *ecdsa)) { - logger(LOG_DEBUG, "ECDSA_verify() failed: %s", ERR_error_string(ERR_get_error(), NULL)); + logger(DEBUG_ALWAYS, LOG_DEBUG, "ECDSA_verify() failed: %s", ERR_error_string(ERR_get_error(), NULL)); return false; }