From 6f48f0d11462dba88aa14e0fcd5b5c6abdb5e660 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov
Date: Fri, 18 Sep 2015 12:38:27 +0300
Subject: [PATCH] Store fingerprint as raw byte array
---
 ssl/crypto_misc.h | 2 +-
 ssl/tls1.c | 3 +--
 ssl/x509.c | 7 +++----
 3 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 5b08d36e48..0201f5b5e1 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -76,7 +76,7 @@ struct _x509_ctx
 uint8_t sig_type;
 RSA_CTX *rsa_ctx;
 bigint *digest;
- bigint *fingerprint;
+ uint8_t *fingerprint;
 struct _x509_ctx *next;
 };
diff --git a/ssl/tls1.c b/ssl/tls1.c
index c2895ea5f6..f0b527676e 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1892,8 +1892,7 @@ EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp)
 uint8_t cert_fp[SHA1_SIZE];
 X509_CTX* x509 = ssl->x509_ctx;
- bi_export(x509->rsa_ctx->bi_ctx, x509->fingerprint, cert_fp, SHA1_SIZE);
- return memcmp(cert_fp, fp, SHA1_SIZE);
+ return memcmp(x509->fingerprint, fp, SHA1_SIZE);
 }
 #endif /* CONFIG_SSL_CERT_VERIFICATION */
diff --git a/ssl/x509.c b/ssl/x509.c
index 7402a4d794..a291f20127 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -119,12 +119,11 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
 bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
+ x509_ctx->fingerprint = malloc(SHA1_SIZE);
 SHA1_CTX sha_fp_ctx;
- uint8_t sha_fp_dgst[SHA1_SIZE];
 SHA1_Init(&sha_fp_ctx);
 SHA1_Update(&sha_fp_ctx, &cert[0], cert_size);
- SHA1_Final(sha_fp_dgst, &sha_fp_ctx);
- x509_ctx->fingerprint = bi_import(bi_ctx, sha_fp_dgst, SHA1_SIZE);
+ SHA1_Final(x509_ctx->fingerprint, &sha_fp_ctx);
 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
 /* use the appropriate signature algorithm (SHA1/MD5/MD2) */
@@ -254,7 +253,7 @@ void x509_free(X509_CTX *x509_ctx)
 if (x509_ctx->fingerprint)
 {
- bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->fingerprint);
+ free(x509_ctx->fingerprint);
 }
 if (x509_ctx->subject_alt_dnsnames)
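Review bot: In ssl_match_fingerprint (ssl/tls1.c) the local `uint8_t cert_fp[SHA1_SIZE];` is still declared, but nothing reads it once the bi_export call is gone, so it should be deleted. The function now passes `x509->fingerprint` straight to memcmp with no NULL check on either `ssl->x509_ctx` or the fingerprint pointer; a guard such as `if (x509 == NULL || x509->fingerprint == NULL) return 1;` would report a missing certificate or failed allocation as a mismatch instead of reading through NULL. Because the raw memcmp result is returned, a comment above the function would help callers, e.g. `/* Returns 0 if fp equals the peer certificate's SHA-1 fingerprint, non-zero otherwise. */`; a caller that tests the value as a boolean would otherwise accept exactly the wrong certificates. The start of the function is outside the hunk.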
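Review bot: The result of `malloc(SHA1_SIZE)` in x509_new (ssl/x509.c) is never checked, so if the allocation fails, `SHA1_Final(x509_ctx->fingerprint, &sha_fp_ctx)` writes the 20-byte digest through a NULL pointer. Add `if (x509_ctx->fingerprint == NULL)` right after the call and leave through the function's existing failure path; that path is outside this hunk, so its label and return code need confirming. Since the size is always SHA1_SIZE, declaring the field as `uint8_t fingerprint[SHA1_SIZE];` in struct _x509_ctx would remove the allocation, its failure case and the matching `free` in x509_free. The same unchecked pointer is what ssl_match_fingerprint in ssl/tls1.c hands to memcmp.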