Generalize crypto::SignatureCreator to allow choice of hash function, so as to support SHA256 (not …

crypto/signature_creator_openssl.cc

Index: crypto/signature_creator_openssl.cc
diff --git a/crypto/signature_creator_openssl.cc b/crypto/signature_creator_openssl.cc
index 3c8f532cbebc2a31aaf26989fa9b4c622ae337fa..801d9aefd41ef03a4107a28bb717d552c78feaf2 100644
--- a/crypto/signature_creator_openssl.cc
+++ b/crypto/signature_creator_openssl.cc
@@ -16,12 +16,47 @@
 
 namespace crypto {
 
+namespace {
+
+const EVP_MD* ToOpenSSLDigest(SignatureCreator::HashAlgorithm hash_alg) {
+  switch (hash_alg) {
+    case SignatureCreator::SHA1:
+      return EVP_sha1();
+    case SignatureCreator::SHA256:
+      return EVP_sha256();
+  }
+  return NULL;
+}
+
+int ToOpenSSLDigestType(SignatureCreator::HashAlgorithm hash_alg) {
+  switch (hash_alg) {
+    case SignatureCreator::SHA1:
+      return NID_sha1;
+    case SignatureCreator::SHA256:
+      return NID_sha256;
+  }
+  return NID_undef;
+}
+
+}  // namespace
+
 // static
 SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key) {
+  return CreateUsingSpecifiedHash(key, SignatureCreator::SHA1);
+}
+
+// static
+SignatureCreator* SignatureCreator::CreateUsingSpecifiedHash(
+    RSAPrivateKey* key, HashAlgorithm hash_alg) {
   OpenSSLErrStackTracer err_tracer(FROM_HERE);
   scoped_ptr<SignatureCreator> result(new SignatureCreator);
   result->key_ = key;
-  if (!EVP_SignInit_ex(result->sign_context_, EVP_sha1(), NULL))
+  const EVP_MD* const digest = ToOpenSSLDigest(hash_alg);
+  DCHECK(digest);
+  if (!digest) {
+    return NULL;
+  }
+  if (!EVP_SignInit_ex(result->sign_context_, digest, NULL))
     return NULL;
   return result.release();
 }
@@ -31,14 +66,24 @@ bool SignatureCreator::Sign(RSAPrivateKey* key,
                             const uint8* data,
                             int data_len,
                             std::vector<uint8>* signature) {
-  ScopedRSA rsa_key(EVP_PKEY_get1_RSA(key->key()));
+  return SignUsingSpecifiedHash(
+      key, SignatureCreator::SHA1, data, data_len, signature);
+}
+
+// static
+bool SignatureCreator::SignUsingSpecifiedHash(RSAPrivateKey* key,
+                                              HashAlgorithm hash_alg,
+                                              const uint8* data,
+                                              int data_len,
+                                              std::vector<uint8>* signature) {
+  ScopedRSA rsa_key (EVP_PKEY_get1_RSA(key->key()));
   if (!rsa_key)
     return false;
   signature->resize(RSA_size(rsa_key.get()));
 
   unsigned int len = 0;
-  bool success = RSA_sign(NID_sha1, data, data_len, vector_as_array(signature),
-                          &len, rsa_key.get());
+  bool success = RSA_sign(ToOpenSSLDigestType(hash_alg), data, data_len,
+                          vector_as_array(signature), &len, rsa_key.get());
   if (!success) {
     signature->clear();
     return false;