Introduce pk_sign() and use it in ssl
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e3f604f..ffd754e 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2080,22 +2080,34 @@
n += 2;
}
- if( ( ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng,
- RSA_PRIVATE, md_alg, hashlen, hash, p + 2 ) ) != 0 )
+ if( ssl->rsa_use_alt )
{
- SSL_DEBUG_RET( 1, "rsa_sign", ret );
- return( ret );
- }
+ if( ( ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng,
+ ssl->p_rng, RSA_PRIVATE, md_alg, hashlen,
+ hash, p + 2 ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "rsa_sign", ret );
+ return( ret );
+ }
- signature_len = ssl->rsa_key_len( ssl->rsa_key );
+ signature_len = ssl->rsa_key_len( ssl->rsa_key );
+ }
+ else
+ {
+ if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen,
+ p + 2 , &signature_len,
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "pk_sign", ret );
+ return( ret );
+ }
+ }
}
else
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) )
{
- ecdsa_context ecdsa;
-
if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
{
*(p++) = ssl->handshake->sig_alg;
@@ -2104,21 +2116,11 @@
n += 2;
}
- ecdsa_init( &ecdsa );
-
- ret = ecdsa_from_keypair( &ecdsa, ssl->pk_key->pk_ctx );
- if( ret == 0 )
+ if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen,
+ p + 2 , &signature_len,
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
{
- ret = ecdsa_write_signature( &ecdsa, hash, hashlen,
- p + 2, &signature_len,
- ssl->f_rng, ssl->p_rng );
- }
-
- ecdsa_free( &ecdsa );
-
- if( ret != 0 )
- {
- SSL_DEBUG_RET( 1, "ecdsa_sign", ret );
+ SSL_DEBUG_RET( 1, "pk_sign", ret );
return( ret );
}
}