[evolution] ECert: Provide and use SHA256 for certificate comparison
- From: Milan Crha <mcrha src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [evolution] ECert: Provide and use SHA256 for certificate comparison
- Date: Mon, 8 Mar 2021 10:29:11 +0000 (UTC)
commit 5966cdf6503218e983a09c57defd1754e6aebfb4
Author: Milan Crha <mcrha redhat com>
Date: Mon Mar 8 11:27:23 2021 +0100
ECert: Provide and use SHA256 for certificate comparison
Move from SHA1 to SHA256 for checksum algorithm for the ECert
certificates.
src/em-format/e-mail-formatter-secure-button.c | 2 +-
src/smime/gui/certificate-manager.c | 5 ++++-
src/smime/lib/e-cert.c | 20 +++++++++++++++++++-
src/smime/lib/e-cert.h | 2 ++
4 files changed, 26 insertions(+), 3 deletions(-)
---
diff --git a/src/em-format/e-mail-formatter-secure-button.c b/src/em-format/e-mail-formatter-secure-button.c
index f456204aa9..46a4a45201 100644
--- a/src/em-format/e-mail-formatter-secure-button.c
+++ b/src/em-format/e-mail-formatter-secure-button.c
@@ -216,7 +216,7 @@ secure_button_smime_cert_exists (const gchar *email,
#define compare_nonnull(_func) (!_func (ec) || g_strcmp0 (_func (ec), _func (found_ec)) == 0)
if (compare_nonnull (e_cert_get_serial_number) &&
- compare_nonnull (e_cert_get_sha1_fingerprint) &&
+ compare_nonnull (e_cert_get_sha256_fingerprint) &&
compare_nonnull (e_cert_get_md5_fingerprint)) {
found = TRUE;
}
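Review bot: The SHA256 check on the changed line goes through `compare_nonnull`, which counts a NULL fingerprint on `ec` as a match, so when that fingerprint is absent the decision rests on the serial number and the MD5 digest alone. A NULL value looks possible if `CERT_Hexify` fails while the certificate is populated, though that code is outside this hunk. I would require the strong digest explicitly, `e_cert_get_sha256_fingerprint (ec) && g_strcmp0 (e_cert_get_sha256_fingerprint (ec), e_cert_get_sha256_fingerprint (found_ec)) == 0 &&`. The same applies to the `find_cert_cb` hunk in certificate-manager.c, where `g_strcmp0` treats two NULL fingerprints as equal. The body of `secure_button_smime_cert_exists` starts and ends outside the hunk.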
diff --git a/src/smime/gui/certificate-manager.c b/src/smime/gui/certificate-manager.c
index c9b433957c..cfdf0d850a 100644
--- a/src/smime/gui/certificate-manager.c
+++ b/src/smime/gui/certificate-manager.c
@@ -89,6 +89,7 @@ static CertTreeColumn yourcerts_columns[] = {
{ G_TYPE_STRING, N_("Issued By Organizational Unit"), e_cert_get_issuer_org_unit, FALSE },
{ G_TYPE_STRING, N_("Issued"), e_cert_get_issued_on, FALSE },
{ G_TYPE_STRING, N_("Expires"), e_cert_get_expires_on, TRUE },
+ /*{ G_TYPE_STRING, N_("SHA256 Fingerprint"), e_cert_get_sha256_fingerprint, FALSE },*/
{ G_TYPE_STRING, N_("SHA1 Fingerprint"), e_cert_get_sha1_fingerprint, FALSE },
{ G_TYPE_STRING, N_("MD5 Fingerprint"), e_cert_get_md5_fingerprint, FALSE },
{ G_TYPE_OBJECT, NULL, NULL, FALSE } /*
Hidden column for ECert * object */
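Review bot: The new "SHA256 Fingerprint" row in `yourcerts_columns` is added as commented-out code with no explanation, and the same commented-out row is added in the `contactcerts_columns` and `authoritycerts_columns` hunks. As written, the certificate manager still shows only the SHA1 and MD5 fingerprints, so users comparing fingerprints out of band cannot see the digest the code now matches on. Either enable the row or say why it is disabled, for example `/* TODO: enable once the column layout and translations are updated */` above it. The reason suggested there is a guess and should be replaced with the real one.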
@@ -109,6 +110,7 @@ static CertTreeColumn contactcerts_columns[] = {
{ G_TYPE_STRING, N_("Issued By Organizational Unit"), e_cert_get_issuer_org_unit, FALSE },
{ G_TYPE_STRING, N_("Issued"), e_cert_get_issued_on, FALSE },
{ G_TYPE_STRING, N_("Expires"), e_cert_get_expires_on, TRUE },
+ /*{ G_TYPE_STRING, N_("SHA256 Fingerprint"), e_cert_get_sha256_fingerprint, FALSE },*/
{ G_TYPE_STRING, N_("SHA1 Fingerprint"), e_cert_get_sha1_fingerprint, FALSE },
{ G_TYPE_STRING, N_("MD5 Fingerprint"), e_cert_get_md5_fingerprint, FALSE },
{ G_TYPE_OBJECT, NULL, NULL, FALSE }
@@ -127,6 +129,7 @@ static CertTreeColumn authoritycerts_columns[] = {
{ G_TYPE_STRING, N_("Issued By Organizational Unit"), e_cert_get_issuer_org_unit, FALSE },
{ G_TYPE_STRING, N_("Issued"), e_cert_get_issued_on, FALSE },
{ G_TYPE_STRING, N_("Expires"), e_cert_get_expires_on, TRUE },
+ /*{ G_TYPE_STRING, N_("SHA256 Fingerprint"), e_cert_get_sha256_fingerprint, FALSE },*/
{ G_TYPE_STRING, N_("SHA1 Fingerprint"), e_cert_get_sha1_fingerprint, FALSE },
{ G_TYPE_STRING, N_("MD5 Fingerprint"), e_cert_get_md5_fingerprint, FALSE },
{ G_TYPE_OBJECT, NULL, NULL, FALSE }
@@ -508,7 +511,7 @@ find_cert_cb (GtkTreeModel *model,
if (cert && g_strcmp0 (e_cert_get_serial_number (cert), e_cert_get_serial_number (fcd->cert)) == 0
&& g_strcmp0 (e_cert_get_subject_name (cert), e_cert_get_subject_name (fcd->cert)) == 0
- && g_strcmp0 (e_cert_get_sha1_fingerprint (cert), e_cert_get_sha1_fingerprint (fcd->cert)) == 0
+ && g_strcmp0 (e_cert_get_sha256_fingerprint (cert), e_cert_get_sha256_fingerprint (fcd->cert)) == 0
&& g_strcmp0 (e_cert_get_md5_fingerprint (cert), e_cert_get_md5_fingerprint (fcd->cert)) == 0) {
fcd->path = gtk_tree_path_copy (path);
}
diff --git a/src/smime/lib/e-cert.c b/src/smime/lib/e-cert.c
index 21a6935598..f6792cb352 100644
--- a/src/smime/lib/e-cert.c
+++ b/src/smime/lib/e-cert.c
@@ -91,6 +91,7 @@ struct _ECertPrivate {
gchar *usage_string;
+ gchar *sha256_fingerprint;
gchar *sha1_fingerprint;
gchar *md5_fingerprint;
@@ -140,6 +141,8 @@ e_cert_finalize (GObject *object)
g_free (priv->usage_string);
+ if (priv->sha256_fingerprint)
+ PORT_Free (priv->sha256_fingerprint);
if (priv->sha1_fingerprint)
PORT_Free (priv->sha1_fingerprint);
if (priv->md5_fingerprint)
@@ -205,7 +208,7 @@ static void
e_cert_populate (ECert *cert)
{
CERTCertificate *c = cert->priv->cert;
- guchar fingerprint[20];
+ guchar fingerprint[MAX (SHA256_LENGTH, MAX (SHA1_LENGTH, MD5_LENGTH)) + 1];
SECItem fpItem;
cert->priv->org_name = CERT_GetOrgName (&c->subject);
@@ -249,6 +252,15 @@ e_cert_populate (ECert *cert)
cert->priv->serial_number = CERT_Hexify (&cert->priv->cert->serialNumber, TRUE);
+ memset (fingerprint, 0, sizeof fingerprint);
+ PK11_HashBuf (
+ SEC_OID_SHA256, fingerprint,
+ cert->priv->cert->derCert.data,
+ cert->priv->cert->derCert.len);
+ fpItem.data = fingerprint;
+ fpItem.len = SHA256_LENGTH;
+ cert->priv->sha256_fingerprint = CERT_Hexify (&fpItem, TRUE);
+
memset (fingerprint, 0, sizeof fingerprint);
PK11_HashBuf (
SEC_OID_SHA1, fingerprint,
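Review bot: The return value of `PK11_HashBuf` is ignored in the added SHA256 block, so on failure the zeroed buffer is hexified and stored as an all-zero fingerprint, which would compare equal for any two certificates that hit the same failure. Guard the call with `if (PK11_HashBuf (SEC_OID_SHA256, fingerprint, cert->priv->cert->derCert.data, cert->priv->cert->derCert.len) == SECSuccess) {` and set `fpItem` and `sha256_fingerprint` only inside it, leaving the field NULL otherwise. Callers that compare fingerprints then have to treat NULL as no match. The SHA1 block that follows as context appears to have the same pattern, and `e_cert_populate` continues outside the hunk.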
@@ -431,6 +443,12 @@ e_cert_get_serial_number (ECert *cert)
return cert->priv->serial_number;
}
+const gchar *
+e_cert_get_sha256_fingerprint (ECert *cert)
+{
+ return cert->priv->sha256_fingerprint;
+}
+
const gchar *
e_cert_get_sha1_fingerprint (ECert *cert)
{
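Review bot: `e_cert_get_sha256_fingerprint` is added without a comment stating what the string is or who owns it, and callers compare it directly. I would add above the definition `/* Returns the colon-separated hex SHA-256 digest of the DER-encoded certificate; owned by @cert, do not free; can be NULL. */`. The NULL case is inferred from `CERT_Hexify` being able to fail and should be confirmed.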
diff --git a/src/smime/lib/e-cert.h b/src/smime/lib/e-cert.h
index 8c138d6895..53bc196378 100644
--- a/src/smime/lib/e-cert.h
+++ b/src/smime/lib/e-cert.h
@@ -87,6 +87,8 @@ const gchar * e_cert_get_expires_on (ECert *cert);
const gchar * e_cert_get_usage (ECert *cert);
const gchar * e_cert_get_serial_number (ECert *cert);
+const gchar * e_cert_get_sha256_fingerprint
+ (ECert *cert);
const gchar * e_cert_get_sha1_fingerprint (ECert *cert);
const gchar * e_cert_get_md5_fingerprint (ECert *cert);