From 4019dbed8531381f0971151d83c6f7eb31ae841a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Sat, 4 Feb 2012 23:45:01 +0100
Subject: [PATCH] pki: Add ecdsa support for signature verification.

---
 src/pki.c | 32 ++++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/src/pki.c b/src/pki.c
index b615ded8..73153ba5 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -1191,7 +1191,6 @@ int ssh_pki_signature_verify_blob(ssh_session session,
                                   unsigned char *digest,
                                   size_t dlen)
 {
-    unsigned char hash[SHA_DIGEST_LEN] = {0};
     ssh_signature sig;
     int rc;
 
@@ -1206,17 +1205,34 @@ int ssh_pki_signature_verify_blob(ssh_session session,
             key->type_c);
 
 
-    sha1(digest, dlen, hash);
+    if (key->type == SSH_KEYTYPE_ECDSA) {
+#if HAVE_ECC
+        unsigned char ehash[EVP_DIGEST_LEN] = {0};
+        uint32_t elen;
 
+        evp(key->ecdsa_nid, digest, dlen, ehash, &elen);
+
+        rc = pki_signature_verify(session,
+                                  sig,
+                                  key,
+                                  ehash,
+                                  elen);
+#endif
+    } else {
+        unsigned char hash[SHA_DIGEST_LEN] = {0};
+
+        sha1(digest, dlen, hash);
 #ifdef DEBUG_CRYPTO
-    ssh_print_hexa("Hash to be verified with dsa", hash, SHA_DIGEST_LEN);
+        ssh_print_hexa("Hash to be verified with dsa", hash, SHA_DIGEST_LEN);
 #endif
 
-    rc = pki_signature_verify(session,
-                              sig,
-                              key,
-                              hash,
-                              SHA_DIGEST_LEN);
+        rc = pki_signature_verify(session,
+                                  sig,
+                                  key,
+                                  hash,
+                                  SHA_DIGEST_LEN);
+    }
+
     ssh_signature_free(sig);
 
     return rc;