libsec: implement dh parameter signature verification, stop lying about non-rsa ciphers, fix memory leaks in X509 code

actually verify the diffie hellman parameter signature, this
comes in two flavours. TLS1.2 uses X509 signature with a
single hash specified by the signature algorithm field in
the signature itself and pre TLS1.2 where md5+sha1 hashes
of the signed blob are pkcs1 padded and encrypted with the
rsa private key.

stop advertizing non-rsa cipher suits (DSS and ECDSA), as
we have not implmenented them.

fix some memory leaks in X509 code while we'r at it.
This commit is contained in:
cinap_lenrek 2015-09-22 18:10:52 +02:00
parent 8baa859319
commit c3e1c158f6
3 changed files with 148 additions and 66 deletions

View file

@ -274,6 +274,8 @@ uchar* decodePEM(char *s, char *type, int *len, char **new_s);
PEMChain* decodepemchain(char *s, char *type);
uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
uchar* X509req(RSApriv *priv, char *subj, int *certlen);
char* X509verifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, RSApub *pk);
char* X509verifydata(uchar *sig, int siglen, uchar *data, int datalen, RSApub *pk);
char* X509verify(uchar *cert, int ncert, RSApub *pk);
void X509dump(uchar *cert, int ncert);