From 181777791b1be77d9bd1457dc3c8789de5069a01 Mon Sep 17 00:00:00 2001 From: Vincent Sanders Date: Sun, 17 May 2020 16:43:01 +0100 Subject: add fingerprints to the certificate viewer --- content/fetchers/about.c | 115 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) (limited to 'content/fetchers/about.c') diff --git a/content/fetchers/about.c b/content/fetchers/about.c index d9139e5b5..7ce8ab487 100644 --- a/content/fetchers/about.c +++ b/content/fetchers/about.c @@ -472,6 +472,8 @@ struct ns_cert_info { int sig_type; /**< Signature type */ char *sig_algor; /**< Signature Algorithm */ char *serialnum; /**< Serial number */ + char *sha1fingerprint; /**< fingerprint shar1 encoded */ + char *sha256fingerprint; /**< fingerprint shar256 encoded */ ssl_cert_err err; /**< Whatever is wrong with this certificate */ }; @@ -702,6 +704,43 @@ static char *hexdup(const char *hex) return dst; } + +/** + * create a hex formatted string inserting the colons from binary data + * + * \todo only uses html entity as separator because netsurfs line breaking + * fails otherwise. + */ +static char *bindup(unsigned char *bin, unsigned int binlen) +{ + char *dst; + char *out; + unsigned int idx; + const char hex[] = { '0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; + + /* allow space fox XY to expand to XX:YY: */ + dst = malloc(binlen * 7); + + if (dst != NULL) { + out = dst; + for (idx = 0; idx < binlen; idx++) { + *out++ = hex[(bin[idx] & 0xf0) >> 4]; + *out++ = hex[bin[idx] & 0xf]; + + *out++ = '&'; + *out++ = '#'; + *out++ = '5'; + *out++ = '8'; + *out++ = ';'; + } + out -= 5; + *out = 0; + } + return dst; +} + + /** * extract RSA key information to info structure * @@ -958,6 +997,33 @@ der_to_certinfo(const uint8_t *der, } } + /* fingerprints */ + const EVP_MD *digest; + unsigned int dig_len; + unsigned char *buff; + int rc; + + digest = EVP_sha1(); + buff = malloc(EVP_MD_size(digest)); + if (buff != NULL) { + rc = X509_digest(cert, digest, buff, &dig_len); + if ((rc == 1) && (dig_len == (unsigned int)EVP_MD_size(digest))) { + info->sha1fingerprint = bindup(buff, dig_len); + } + free(buff); + } + + digest = EVP_sha256(); + buff = malloc(EVP_MD_size(digest)); + if (buff != NULL) { + rc = X509_digest(cert, digest, buff, &dig_len); + if ((rc == 1) && (dig_len == (unsigned int)EVP_MD_size(digest))) { + info->sha256fingerprint = bindup(buff, dig_len); + } + free(buff); + } + + /* issuer name */ xname_to_info(X509_get_issuer_name(cert), &info->issuer_name); @@ -1136,6 +1202,49 @@ format_certificate_public_key(struct fetch_about_context *ctx, return res; } +static nserror +format_certificate_fingerprint(struct fetch_about_context *ctx, + struct ns_cert_info *cert_info) +{ + nserror res; + + if ((cert_info->sha1fingerprint == NULL) && + (cert_info->sha256fingerprint == NULL)) { + /* skip the table if no fingerprints */ + return NSERROR_OK; + } + + + res = ssenddataf(ctx, + "\n" + "\n"); + if (res != NSERROR_OK) { + return res; + } + + if (cert_info->sha256fingerprint != NULL) { + res = ssenddataf(ctx, + "\n", + cert_info->sha256fingerprint); + if (res != NSERROR_OK) { + return res; + } + } + + if (cert_info->sha1fingerprint != NULL) { + res = ssenddataf(ctx, + "\n", + cert_info->sha1fingerprint); + if (res != NSERROR_OK) { + return res; + } + } + + res = ssenddataf(ctx, "
Fingerprints
SHA-256%s
SHA-1%s
\n"); + + return res; +} + static nserror format_certificate(struct fetch_about_context *ctx, struct ns_cert_info *cert_info) @@ -1232,6 +1341,12 @@ format_certificate(struct fetch_about_context *ctx, "Version%ld\n" "\n", cert_info->version); + if (res != NSERROR_OK) { + return res; + } + + res = format_certificate_fingerprint(ctx, cert_info); + return res; } -- cgit v1.2.3