libsec: implement dh parameter signature verification, stop lying about non-rsa ciphers, fix memory leaks in X509 code
actually verify the diffie hellman parameter signature, this comes in two flavours. TLS1.2 uses X509 signature with a single hash specified by the signature algorithm field in the signature itself and pre TLS1.2 where md5+sha1 hashes of the signed blob are pkcs1 padded and encrypted with the rsa private key. stop advertizing non-rsa cipher suits (DSS and ECDSA), as we have not implmenented them. fix some memory leaks in X509 code while we'r at it.
This commit is contained in:
parent
8baa859319
commit
c3e1c158f6
3 changed files with 148 additions and 66 deletions
|
@ -274,6 +274,8 @@ uchar* decodePEM(char *s, char *type, int *len, char **new_s);
|
|||
PEMChain* decodepemchain(char *s, char *type);
|
||||
uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
|
||||
uchar* X509req(RSApriv *priv, char *subj, int *certlen);
|
||||
char* X509verifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, RSApub *pk);
|
||||
char* X509verifydata(uchar *sig, int siglen, uchar *data, int datalen, RSApub *pk);
|
||||
char* X509verify(uchar *cert, int ncert, RSApub *pk);
|
||||
void X509dump(uchar *cert, int ncert);
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue