|
 |
db9c9a |
From a1968db524e087a36a19a351b89bf6f1633819aa Mon Sep 17 00:00:00 2001
|
|
|
db9c9a |
From: minfrin <minfrin@users.noreply.github.com>
|
|
|
db9c9a |
Date: Tue, 5 Jan 2021 23:17:14 +0000
|
|
|
db9c9a |
Subject: [PATCH] Add support for digests detected from ECC certificates
|
|
|
db9c9a |
|
|
|
db9c9a |
Previously, the digest could be detected on RSA certificates only. This
|
|
|
db9c9a |
patch adds detection for ECC certificates.
|
|
|
db9c9a |
|
|
|
db9c9a |
[ bvanassche: changed _htmap2 into a two-dimensional array and renamed _htmap2
|
|
|
db9c9a |
back to _htmap ]
|
|
|
db9c9a |
---
|
|
|
db9c9a |
snmplib/snmp_openssl.c | 60 +++++++++++++++++++++++++++++++++++-------
|
|
|
db9c9a |
1 file changed, 50 insertions(+), 10 deletions(-)
|
|
|
db9c9a |
|
|
|
db9c9a |
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
|
|
|
db9c9a |
index c092a007af..432cb5c27c 100644
|
|
|
db9c9a |
--- a/snmplib/snmp_openssl.c
|
|
|
db9c9a |
+++ b/snmplib/snmp_openssl.c
|
|
|
db9c9a |
@@ -521,18 +521,54 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)
|
|
|
db9c9a |
}
|
|
|
db9c9a |
}
|
|
|
db9c9a |
|
|
|
db9c9a |
-static int _htmap[NS_HASH_MAX + 1] = {
|
|
|
db9c9a |
- 0, NID_md5WithRSAEncryption, NID_sha1WithRSAEncryption,
|
|
|
db9c9a |
- NID_sha224WithRSAEncryption, NID_sha256WithRSAEncryption,
|
|
|
db9c9a |
- NID_sha384WithRSAEncryption, NID_sha512WithRSAEncryption };
|
|
|
db9c9a |
+static const struct {
|
|
|
db9c9a |
+ uint16_t nid;
|
|
|
db9c9a |
+ uint16_t ht;
|
|
|
db9c9a |
+} _htmap[] = {
|
|
|
db9c9a |
+ { 0, NS_HASH_NONE },
|
|
|
db9c9a |
+#ifdef NID_md5WithRSAEncryption
|
|
|
db9c9a |
+ { NID_md5WithRSAEncryption, NS_HASH_MD5 },
|
|
|
db9c9a |
+#endif
|
|
|
db9c9a |
+#ifdef NID_sha1WithRSAEncryption
|
|
|
db9c9a |
+ { NID_sha1WithRSAEncryption, NS_HASH_SHA1 },
|
|
|
db9c9a |
+#endif
|
|
|
db9c9a |
+#ifdef NID_ecdsa_with_SHA1
|
|
|
db9c9a |
+ { NID_ecdsa_with_SHA1, NS_HASH_SHA1 },
|
|
|
db9c9a |
+#endif
|
|
|
db9c9a |
+#ifdef NID_sha224WithRSAEncryption
|
|
|
db9c9a |
+ { NID_sha224WithRSAEncryption, NS_HASH_SHA224 },
|
|
|
db9c9a |
+#endif
|
|
|
db9c9a |
+#ifdef NID_ecdsa_with_SHA224
|
|
|
db9c9a |
+ { NID_ecdsa_with_SHA224, NS_HASH_SHA224 },
|
|
|
db9c9a |
+#endif
|
|
|
db9c9a |
+#ifdef NID_sha256WithRSAEncryption
|
|
|
db9c9a |
+ { NID_sha256WithRSAEncryption, NS_HASH_SHA256 },
|
|
|
db9c9a |
+#endif
|
|
|
db9c9a |
+#ifdef NID_ecdsa_with_SHA256
|
|
|
db9c9a |
+ { NID_ecdsa_with_SHA256, NS_HASH_SHA256 },
|
|
|
db9c9a |
+#endif
|
|
|
db9c9a |
+#ifdef NID_sha384WithRSAEncryption
|
|
|
db9c9a |
+ { NID_sha384WithRSAEncryption, NS_HASH_SHA384 },
|
|
|
db9c9a |
+#endif
|
|
|
db9c9a |
+#ifdef NID_ecdsa_with_SHA384
|
|
|
db9c9a |
+ { NID_ecdsa_with_SHA384, NS_HASH_SHA384 },
|
|
|
db9c9a |
+#endif
|
|
|
db9c9a |
+#ifdef NID_sha512WithRSAEncryption
|
|
|
db9c9a |
+ { NID_sha512WithRSAEncryption, NS_HASH_SHA512 },
|
|
|
db9c9a |
+#endif
|
|
|
db9c9a |
+#ifdef NID_ecdsa_with_SHA512
|
|
|
db9c9a |
+ { NID_ecdsa_with_SHA512, NS_HASH_SHA512 },
|
|
|
db9c9a |
+#endif
|
|
|
db9c9a |
+};
|
|
|
db9c9a |
|
|
|
db9c9a |
int
|
|
|
db9c9a |
_nid2ht(int nid)
|
|
|
db9c9a |
{
|
|
|
db9c9a |
int i;
|
|
|
db9c9a |
- for (i=1; i<= NS_HASH_MAX; ++i) {
|
|
|
db9c9a |
- if (nid == _htmap[i])
|
|
|
db9c9a |
- return i;
|
|
|
db9c9a |
+
|
|
|
db9c9a |
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
|
|
|
db9c9a |
+ if (_htmap[i].nid == nid)
|
|
|
db9c9a |
+ return _htmap[i].ht;
|
|
|
db9c9a |
}
|
|
|
db9c9a |
return 0;
|
|
|
db9c9a |
}
|
|
|
db9c9a |
@@ -541,9 +577,13 @@ _nid2ht(int nid)
|
|
|
db9c9a |
int
|
|
|
db9c9a |
_ht2nid(int ht)
|
|
|
db9c9a |
{
|
|
|
db9c9a |
- if ((ht < 0) || (ht > NS_HASH_MAX))
|
|
|
db9c9a |
- return 0;
|
|
|
db9c9a |
- return _htmap[ht];
|
|
|
db9c9a |
+ int i;
|
|
|
db9c9a |
+
|
|
|
db9c9a |
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
|
|
|
db9c9a |
+ if (_htmap[i].ht == ht)
|
|
|
db9c9a |
+ return _htmap[i].nid;
|
|
|
db9c9a |
+ }
|
|
|
db9c9a |
+ return 0;
|
|
|
db9c9a |
}
|
|
|
db9c9a |
#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_HT2NID */
|
|
|
db9c9a |
|
|
|
db9c9a |
|