int32_t pklen;
char *pk;
int32_t hashlen;
- int32_t siglen;
- char *sig;
+ struct alg_msg_data sig;
};
static int32_t wait_timeout(struct site *st) {
{
void *hst;
uint8_t *hash;
- string_t dhpub, sig;
+ string_t dhpub;
unsigned minor;
st->retries=st->setup_retries;
hst=st->hash->init();
st->hash->update(hst,st->buffer.start,st->buffer.size);
st->hash->final(hst,hash);
- sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
- buf_append_string(&st->buffer,sig);
- free(sig);
+ bool_t ok=st->privkey->sign(st->privkey->st,hash,st->hash->len,
+ &st->buffer);
+ if (!ok) goto fail;
free(hash);
return True;
+
+ fail:
+ free(hash);
+ return False;
}
static bool_t unpick_name(struct buffer_if *msg, struct parsedname *nm)
CHECK_AVAIL(msg,m->pklen);
m->pk=buf_unprepend(msg,m->pklen);
m->hashlen=msg->start-m->hashstart;
- CHECK_AVAIL(msg,2);
- m->siglen=buf_unprepend_uint16(msg);
- CHECK_AVAIL(msg,m->siglen);
- m->sig=buf_unprepend(msg,m->siglen);
- CHECK_EMPTY(msg);
- /* In `process_msg3_msg4' below, we assume that we can write a nul
- * terminator following the signature. Make sure there's enough space.
- */
- if (msg->start >= msg->base + msg->alloclen)
+ if (!st->pubkey->unpick(st->pubkey->st,msg,&m->sig)) {
return False;
+ }
+
+ CHECK_EMPTY(msg);
return True;
}
hst=st->hash->init();
st->hash->update(hst,m->hashstart,m->hashlen);
st->hash->final(hst,hash);
- /* Terminate signature with a '0' - already checked that this will fit */
- m->sig[m->siglen]=0;
- if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m->sig)) {
+ if (!st->pubkey->check(st->pubkey->st,
+ hash,st->hash->len,
+ &m->sig)) {
slog(st,LOG_SEC,"msg3/msg4 signature failed check!");
free(hash);
return False;
~ian / secnet.git / blobdiff