X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fopenssl%2Fecdsa.c;h=e2af6f9cddbdc581256a630bcd937be298452fbf;hb=70a1a5594af5d4e6a364186b42ba4e34c676009b;hp=85c6a47b38eb89507dc0d0f7435c9dd847d70908;hpb=ff751903aa82bd6dd66a099f9c05dcdae9fc57f2;p=tinc

diff --git a/src/openssl/ecdsa.c b/src/openssl/ecdsa.c
index 85c6a47b..e2af6f9c 100644
--- a/src/openssl/ecdsa.c
+++ b/src/openssl/ecdsa.c
@@ -1,6 +1,6 @@
 /*
     ecdsa.c -- ECDSA key handling
-    Copyright (C) 2011 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -30,14 +30,18 @@
 //
 bool ecdsa_set_base64_public_key(ecdsa_t *ecdsa, const char *p) {
 	*ecdsa = EC_KEY_new_by_curve_name(NID_secp521r1);
+	if(!*ecdsa) {
+		logger(DEBUG_ALWAYS, LOG_DEBUG, "EC_KEY_new_by_curve_name failed: %s", ERR_error_string(ERR_get_error(), NULL));
+		return false;
+	}
 
 	int len = strlen(p);
 	unsigned char pubkey[len / 4 * 3 + 3];
 	const unsigned char *ppubkey = pubkey;
-	len = b64decode(p, pubkey, len);
+	len = b64decode(p, (char *)pubkey, len);
 
 	if(!o2i_ECPublicKey(ecdsa, &ppubkey, len)) {
-		logger(LOG_DEBUG, "o2i_ECPublicKey failed: %s", ERR_error_string(ERR_get_error(), NULL));
+		logger(DEBUG_ALWAYS, LOG_DEBUG, "o2i_ECPublicKey failed: %s", ERR_error_string(ERR_get_error(), NULL));
 		return false;
 	}
 
@@ -49,7 +53,7 @@ char *ecdsa_get_base64_public_key(ecdsa_t *ecdsa) {
 	int len = i2o_ECPublicKey(*ecdsa, &pubkey);
 
 	char *base64 = malloc(len * 4 / 3 + 5);
-	b64encode(pubkey, base64, len);
+	b64encode((char *)pubkey, base64, len);
 
 	free(pubkey);
 
@@ -64,7 +68,7 @@ bool ecdsa_read_pem_public_key(ecdsa_t *ecdsa, FILE *fp) {
 	if(*ecdsa)
 		return true;
 
-	logger(LOG_ERR, "Unable to read ECDSA public key: %s", ERR_error_string(ERR_get_error(), NULL));
+	logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read ECDSA public key: %s", ERR_error_string(ERR_get_error(), NULL));
 	return false;
 }
 
@@ -73,8 +77,8 @@ bool ecdsa_read_pem_private_key(ecdsa_t *ecdsa, FILE *fp) {
 
 	if(*ecdsa)
 		return true;
-	
-	logger(LOG_ERR, "Unable to read ECDSA private key: %s", ERR_error_string(ERR_get_error(), NULL));
+
+	logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read ECDSA private key: %s", ERR_error_string(ERR_get_error(), NULL));
 	return false;
 }
 
@@ -87,31 +91,27 @@ size_t ecdsa_size(ecdsa_t *ecdsa) {
 bool ecdsa_sign(ecdsa_t *ecdsa, const void *in, size_t len, void *sig) {
 	unsigned int siglen = ECDSA_size(*ecdsa);
 
-	char hash[SHA512_DIGEST_LENGTH];
+	unsigned char hash[SHA512_DIGEST_LENGTH];
 	SHA512(in, len, hash);
 
 	memset(sig, 0, siglen);
 
 	if(!ECDSA_sign(0, hash, sizeof hash, sig, &siglen, *ecdsa)) {
-		logger(LOG_DEBUG, "ECDSA_sign() failed: %s", ERR_error_string(ERR_get_error(), NULL));
+		logger(DEBUG_ALWAYS, LOG_DEBUG, "ECDSA_sign() failed: %s", ERR_error_string(ERR_get_error(), NULL));
 		return false;
 	}
 
-	if(siglen != ECDSA_size(*ecdsa)) {
-		logger(LOG_ERR, "Signature length %d != %d", siglen, ECDSA_size(*ecdsa));
-	}
-
 	return true;
 }
 
 bool ecdsa_verify(ecdsa_t *ecdsa, const void *in, size_t len, const void *sig) {
 	unsigned int siglen = ECDSA_size(*ecdsa);
 
-	char hash[SHA512_DIGEST_LENGTH];
+	unsigned char hash[SHA512_DIGEST_LENGTH];
 	SHA512(in, len, hash);
 
 	if(!ECDSA_verify(0, hash, sizeof hash, sig, siglen, *ecdsa)) {
-		logger(LOG_DEBUG, "ECDSA_verify() failed: %s", ERR_error_string(ERR_get_error(), NULL));
+		logger(DEBUG_ALWAYS, LOG_DEBUG, "ECDSA_verify() failed: %s", ERR_error_string(ERR_get_error(), NULL));
 		return false;
 	}