use EVP_PKEY for signing

2025-01-22 21:37:17 +01:00 · 2024-10-08 18:44:46 -04:00 · 2024-10-08 18:44:46 -04:00 · 88a5f8b125
parent 78847306e9
commit 88a5f8b125
1 changed files with 22 additions and 27 deletions
--- a/libi2pd/Family.cpp
+++ b/libi2pd/Family.cpp
@ -136,34 +136,29 @@ namespace data
 		if (ret)
 		{
 			SSL * ssl = SSL_new (ctx);
-			EVP_PKEY * pkey = SSL_get_privatekey (ssl);
+			auto pkey = SSL_get_privatekey (ssl);
-			EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey);
+			if (pkey)
 			if (ecKey)
 			{
-				auto group = EC_KEY_get0_group (ecKey);
+				uint8_t buf[100], signature[128];
 				if (group)
 				{
 					int curve = EC_GROUP_get_curve_name (group);
 					if (curve == NID_X9_62_prime256v1)
 					{
 						uint8_t signingPrivateKey[32], buf[50], signature[64];
 						i2p::crypto::bn2buf (EC_KEY_get0_private_key (ecKey), signingPrivateKey, 32);
 						i2p::crypto::ECDSAP256Signer signer (signingPrivateKey);
 				size_t len = family.length ();
 				memcpy (buf, family.c_str (), len);
 				memcpy (buf + len, (const uint8_t *)ident, 32);
 				len += 32;
-						signer.Sign (buf, len, signature);
+				size_t l = 128;
-						len = Base64EncodingBufferSize (64);
+				EVP_MD_CTX * mdctx = EVP_MD_CTX_create ();
 				EVP_DigestSignInit (mdctx, NULL, NULL, NULL, pkey);
 				if (EVP_DigestSign (mdctx, signature, &l, buf, len))
 				{
 					len = Base64EncodingBufferSize (l);
 					char * b64 = new char[len+1];
-						len = ByteStreamToBase64 (signature, 64, b64, len);
+					len = ByteStreamToBase64 (signature, l, b64, len);
 					b64[len] = 0;
 					sig = b64;
 					delete[] b64;
 				}	
 				else		
-						LogPrint (eLogWarning, "Family: elliptic curve ", curve, " is not supported");
+					LogPrint (eLogError, "Family: signing failed");
-				}
+				EVP_MD_CTX_destroy (mdctx);
 			}	
 			SSL_free (ssl);
 		}