9pfs/solanum-vs-hackint-and-charybdis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

GNUTLS: Fixup fingerprint generation across library versions

Browse source 
Also remove some unnecessary variables, e.g. write directy to the
return buffer, in line with the other backends.
This commit is contained in:
Aaron Jones 2016-08-19 19:05:22 +00:00
parent f15a30a16f
commit 3288fc4648
No known key found for this signature in database
GPG key ID: EC6F86EE9CD840B5
1 changed files with 20 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
libratbox/src/gnutls.c
View file

@ -599,60 +599,51 @@ rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
{ {
gnutls_x509_crt_t cert; gnutls_x509_crt_t cert;
gnutls_digest_algorithm_t algo; gnutls_digest_algorithm_t algo;
unsigned int cert_list_size; unsigned int cert_list_size = 0;
const gnutls_datum_t *cert_list; const gnutls_datum_t *cert_list;
uint8_t digest[RB_SSL_CERTFP_LEN * 2];
size_t digest_size; size_t digest_size;
int len;
if (gnutls_certificate_type_get(SSL_P(F)) != GNUTLS_CRT_X509)
return 0;
if (gnutls_x509_crt_init(&cert) < 0)
return 0;
cert_list_size = 0;
cert_list = gnutls_certificate_get_peers(SSL_P(F), &cert_list_size);
if (cert_list == NULL)
{
gnutls_x509_crt_deinit(cert);
return 0;
}
if (gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER) < 0)
{
gnutls_x509_crt_deinit(cert);
return 0;
}
switch(method) switch(method)
{ {
case RB_SSL_CERTFP_METH_SHA1: case RB_SSL_CERTFP_METH_SHA1:
algo = GNUTLS_DIG_SHA1; algo = GNUTLS_DIG_SHA1;
len = RB_SSL_CERTFP_LEN_SHA1;
break; break;
case RB_SSL_CERTFP_METH_SHA256: case RB_SSL_CERTFP_METH_SHA256:
algo = GNUTLS_DIG_SHA256; algo = GNUTLS_DIG_SHA256;
len = RB_SSL_CERTFP_LEN_SHA256;
break; break;
case RB_SSL_CERTFP_METH_SHA512: case RB_SSL_CERTFP_METH_SHA512:
algo = GNUTLS_DIG_SHA512; algo = GNUTLS_DIG_SHA512;
len = RB_SSL_CERTFP_LEN_SHA512;
break; break;
default: default:
return 0; return 0;
} }
if (gnutls_x509_crt_get_fingerprint(cert, algo, digest, &digest_size) < 0) if (gnutls_certificate_type_get(SSL_P(F)) != GNUTLS_CRT_X509)
return 0;
cert_list = gnutls_certificate_get_peers(SSL_P(F), &cert_list_size);
if (cert_list_size <= 0)
return 0;
if (gnutls_x509_crt_init(&cert) != GNUTLS_E_SUCCESS)
return 0;
if (gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER) != GNUTLS_E_SUCCESS)
{ {
gnutls_x509_crt_deinit(cert); gnutls_x509_crt_deinit(cert);
return 0; return 0;
} }
memcpy(certfp, digest, len); if (gnutls_x509_crt_get_fingerprint(cert, algo, certfp, &digest_size) != 0)
{
gnutls_x509_crt_deinit(cert);
return 0;
}
gnutls_x509_crt_deinit(cert); gnutls_x509_crt_deinit(cert);
return len;
return (int) digest_size;
} }
int int