Permalink
Browse files

Use hashed input for ECDSA

  • Loading branch information...
1 parent 3dd139d commit 0fda1d9170f0e460c134e1ce7851de7089440277 @cmouse cmouse committed Mar 31, 2015
Showing with 11 additions and 2 deletions.
  1. +11 −2 pdns/pkcs11signers.cc
View
@@ -736,7 +736,12 @@ std::string PKCS11DNSCryptoKeyEngine::sign(const std::string& msg) const {
mech.mechanism = dnssec2smech[d_algorithm];
mech.pParameter = NULL;
mech.ulParameterLen = 0;
- if (d_slot->Sign(msg, result, &mech)) throw PDNSException("Could not sign data");
+
+ if (mech.mechanism == CKM_ECDSA) {
+ if (d_slot->Sign(this->hash(msg), result, &mech)) throw PDNSException("Could not sign data");
+ } else {
+ if (d_slot->Sign(msg, result, &mech)) throw PDNSException("Could not sign data");
+ }
return result;
};
@@ -796,7 +801,11 @@ bool PKCS11DNSCryptoKeyEngine::verify(const std::string& msg, const std::string&
mech.mechanism = dnssec2smech[d_algorithm];
mech.pParameter = NULL;
mech.ulParameterLen = 0;
- return (d_slot->Verify(msg, signature, &mech) == 0);
+ if (mech.mechanism == CKM_ECDSA) {
+ return (d_slot->Verify(this->hash(msg), signature, &mech)==0);
+ } else {
+ return (d_slot->Verify(msg, signature, &mech) == 0);
+ }
};
std::string PKCS11DNSCryptoKeyEngine::getPubKeyHash() const {

0 comments on commit 0fda1d9

Please sign in to comment.