xfnw/plan9fox
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

libsec: sha256 support for thumbprint files, use it in ssh as well

Browse source 
initThumbprints() now takes an application tag argument
so x509 and ssh can coexist.

the thumbprint entries can now hold both sha1 and sha256
hashes. okThumbprint() now takes a len argument for the
hash length used.

the new function okCertificate() hashes the certificate
with both and checks for any matches.

on failure, okCertificate() returns 0 and sets error string.

we also check for include loops now in thumbfiles, limiting
the number of includes to 8.
This commit is contained in:
cinap_lenrek 2017-04-23 19:00:08 +02:00
parent 2d1fbbdafa
commit 346f5828e0
11 changed files with 126 additions and 123 deletions
Download patch file Download diff file Expand all files Collapse all files

8
sys/include/libsec.h
View file

@ -453,7 +453,8 @@ DSApriv* asn1toDSApriv(uchar*, int);
*/
typedef struct Thumbprint{
struct Thumbprint *next;
uchar sha1[SHA1dlen];
uchar hash[SHA2_256dlen];
uchar len;
} Thumbprint;
typedef struct TLSconn{
@ -479,9 +480,10 @@ int tlsClient(int fd, TLSconn *c);
int tlsServer(int fd, TLSconn *c);
/* thumb.c */
Thumbprint* initThumbprints(char *ok, char *crl);
Thumbprint* initThumbprints(char *ok, char *crl, char *tag);
void freeThumbprints(Thumbprint *ok);
int okThumbprint(uchar *sha1, Thumbprint *ok);
int okThumbprint(uchar *hash, int len, Thumbprint *ok);
int okCertificate(uchar *cert, int len, Thumbprint *ok);
/* readcert.c */
uchar *readcert(char *filename, int *pcertlen);