HGKeeper

pidgin/pidgin

Merged in dequisdequis/pidgin/release-2.x.y (pull request #177)
release-2.x.y
2017-03-07, Gary Kramlich

6a674536b8e5

Parents fe644fbe41c9 b3d0ba7c75f6
Children 887efbd652d8 7d13c981b14f

Merged in dequisdequis/pidgin/release-2.x.y (pull request #177)

certificate: Use SHA256 fingerprints instead of SHA1

Approved-by: Eion Robb
Approved-by: Ethan Blanton
Approved-by: Gary Kramlich

6 files changed, 172 insertions(+), 50 deletions(-)

+3 -0

ChangeLog.API

+77 -32

libpurple/certificate.c

+40 -4

libpurple/certificate.h

+13 -0

libpurple/plugins/perl/common/Certificate.xs

+17 -5

libpurple/plugins/ssl/ssl-gnutls.c

+22 -9

libpurple/plugins/ssl/ssl-nss.c

~~--- a/ChangeLog.API Mon Mar 06 16:06:52 2017 -0300~~

+++ b/ChangeLog.API Tue Mar 07 02:38:54 2017 +0000

@@ -5,6 +5,9 @@

Added:

* PURPLE_MESSAGE_REMOTE_SEND in PurpleMessageFlags, to specify

messages like _SEND that were sent from another location.

+ * purple_certificate_get_fingerprint_sha256

+ * PurpleCertificateScheme.get_fingerprint_sha256

+ * PURPLE_CERTIFICATE_SCHEME_HAS_FUNC

version 2.11.0:

libpurple:

~~--- a/libpurple/certificate.c Mon Mar 06 16:06:52 2017 -0300~~

+++ b/libpurple/certificate.c Tue Mar 07 02:38:54 2017 +0000

@@ -84,6 +84,29 @@

}

+static void

+get_ascii_fingerprints (PurpleCertificate *crt, gchar **sha1, gchar **sha256)

+ GByteArray *sha_bin;

+ if (sha1 != NULL) {

+ sha_bin = purple_certificate_get_fingerprint_sha1(crt);

+ *sha1 = purple_base16_encode_chunked(sha_bin->data, sha_bin->len);

+ g_byte_array_free(sha_bin, TRUE);

+ }

+ if (sha256 != NULL) {

+ sha_bin = purple_certificate_get_fingerprint_sha256(crt, FALSE);

+ *sha256 = (sha_bin == NULL) ? g_strdup("(null)") :

+ purple_base16_encode_chunked(sha_bin->data, sha_bin->len);

+ g_byte_array_free(sha_bin, TRUE);

+ }

void

purple_certificate_verify (PurpleCertificateVerifier *verifier,

const gchar *subject_name, GList *cert_chain,

@@ -388,6 +411,30 @@

return fpr;

}

+GByteArray *

+purple_certificate_get_fingerprint_sha256(PurpleCertificate *crt, gboolean sha1_fallback)

+ PurpleCertificateScheme *scheme;

+ GByteArray *fpr = NULL;

+ g_return_val_if_fail(crt, NULL);

+ g_return_val_if_fail(crt->scheme, NULL);

+ scheme = crt->scheme;

+ if (!PURPLE_CERTIFICATE_SCHEME_HAS_FUNC(scheme, get_fingerprint_sha256)) {

+ /* outdated ssl module? fallback to sha1 and print a warning */

+ if (sha1_fallback) {

+ fpr = purple_certificate_get_fingerprint_sha1(crt);

+ }

+ g_return_val_if_reached(fpr);

+ }

+ fpr = (scheme->get_fingerprint_sha256)(crt);

+ return fpr;

gchar *

purple_certificate_get_unique_id(PurpleCertificate *crt)

{

@@ -630,18 +677,13 @@

static void

x509_singleuse_start_verify (PurpleCertificateVerificationRequest *vrq)

{

~~- gchar *sha_asc;~~

~~- GByteArray *sha_bin;~~

+ gchar *sha1_asc, *sha256_asc;

gchar *cn;

const gchar *cn_match;

~~- gchar *primary, *secondary;~~

+ gchar *primary, *secondary, *secondary_extra;

PurpleCertificate *crt = (PurpleCertificate *) vrq->cert_chain->data;

~~- /* Pull out the SHA1 checksum */~~

~~- sha_bin = purple_certificate_get_fingerprint_sha1(crt);~~

~~- /* Now decode it for display */~~

~~- sha_asc = purple_base16_encode_chunked(sha_bin->data,~~

~~- sha_bin->len);~~

+ get_ascii_fingerprints(crt, &sha1_asc, &sha256_asc);

/* Get the cert Common Name */

cn = purple_certificate_get_subject_name(crt);

@@ -655,14 +697,17 @@

/* Make messages */

primary = g_strdup_printf(_("%s has presented the following certificate for just-this-once use:"), vrq->subject_name);

~~- secondary = g_strdup_printf(_("Common name: %s %s\nFingerprint (SHA1): %s"), cn, cn_match, sha_asc);~~

+ secondary = g_strdup_printf(_("Common name: %s %s\nFingerprint (SHA1): %s"), cn, cn_match, sha1_asc);

+ /* TODO: make this part of the translatable string above */

+ secondary_extra = g_strdup_printf("%s\nSHA256: %s", secondary, sha256_asc);

/* Make a semi-pretty display */

purple_request_accept_cancel(

vrq->cb_data, /* TODO: Find what the handle ought to be */

_("Single-use Certificate Verification"),

primary,

~~- secondary,~~

+ secondary_extra,

0, /* Accept by default */

NULL, /* No account */

NULL, /* No other user */

@@ -675,8 +720,9 @@

g_free(cn);

g_free(primary);

g_free(secondary);

~~- g_free(sha_asc);~~

~~- g_byte_array_free(sha_bin, TRUE);~~

+ g_free(secondary_extra);

+ g_free(sha1_asc);

+ g_free(sha256_asc);

}

static void

@@ -1506,10 +1552,10 @@

return;

}

~~- /* Now get SHA1 sums for both and compare them */~~

+ /* Now get SHA256 sums for both and compare them */

/* TODO: This is not an elegant way to compare certs */

~~- peer_fpr = purple_certificate_get_fingerprint_sha1(peer_crt);~~

~~- cached_fpr = purple_certificate_get_fingerprint_sha1(cached_crt);~~

+ peer_fpr = purple_certificate_get_fingerprint_sha256(peer_crt, TRUE);

+ cached_fpr = purple_certificate_get_fingerprint_sha256(cached_crt, TRUE);

if (!memcmp(peer_fpr->data, cached_fpr->data, peer_fpr->len)) {

purple_debug_info("certificate/x509/tls_cached",

"Peer cert matched cached\n");

@@ -1616,8 +1662,8 @@

if (ca_crt != NULL) {

GByteArray *failing_fpr;

GByteArray *ca_fpr;

~~- failing_fpr = purple_certificate_get_fingerprint_sha1(failing_crt);~~

~~- ca_fpr = purple_certificate_get_fingerprint_sha1(ca_crt);~~

+ failing_fpr = purple_certificate_get_fingerprint_sha256(failing_crt, TRUE);

+ ca_fpr = purple_certificate_get_fingerprint_sha256(ca_crt, TRUE);

if (byte_arrays_equal(failing_fpr, ca_fpr)) {

purple_debug_info("certificate/x509/tls_cached",

"Full chain verification failed (probably a bad "

@@ -1699,10 +1745,10 @@

* If the fingerprints don't match, we'll fall back to checking the

* signature.

~~- last_fpr = purple_certificate_get_fingerprint_sha1(end_crt);~~

+ last_fpr = purple_certificate_get_fingerprint_sha256(end_crt, TRUE);

for (cur = ca_crts; cur; cur = cur->next) {

ca_crt = cur->data;

~~- ca_fpr = purple_certificate_get_fingerprint_sha1(ca_crt);~~

+ ca_fpr = purple_certificate_get_fingerprint_sha256(ca_crt, TRUE);

if ( byte_arrays_equal(last_fpr, ca_fpr) ||

purple_certificate_signed_by(end_crt, ca_crt) )

@@ -2152,19 +2198,14 @@

void

purple_certificate_display_x509(PurpleCertificate *crt)

{

~~- gchar *sha_asc;~~

~~- GByteArray *sha_bin;~~

+ gchar *sha1_asc, *sha256_asc;

gchar *cn, *issuer_id;

time_t activation, expiration;

gchar *activ_str, *expir_str;

~~- gchar *secondary;~~

+ gchar *secondary, *secondary_extra;

gboolean self_signed;

~~- /* Pull out the SHA1 checksum */~~

~~- sha_bin = purple_certificate_get_fingerprint_sha1(crt);~~

~~- /* Now decode it for display */~~

~~- sha_asc = purple_base16_encode_chunked(sha_bin->data,~~

~~- sha_bin->len);~~

+ get_ascii_fingerprints(crt, &sha1_asc, &sha256_asc);

/* Get the cert Common Name */

/* TODO: Will break on CA certs */

@@ -2193,20 +2234,23 @@

"Expiration date: %s\n"),

cn ? cn : "(null)",

self_signed ? _("(self-signed)") : (issuer_id ? issuer_id : "(null)"),

~~- sha_asc ? sha_asc : "(null)",~~

+ sha1_asc ? sha1_asc : "(null)",

activ_str ? activ_str : "(null)",

expir_str ? expir_str : "(null)");

+ /* TODO: make this part of the translatable string above */

+ secondary_extra = g_strdup_printf("%sSHA256: %s", secondary, sha256_asc);

/* Make a semi-pretty display */

if (self_signed) {

purple_notify_info(NULL, /* TODO: Find what the handle ought to be */

_("Certificate Information"),

"",

~~- secondary);~~

+ secondary_extra);

} else {

purple_request_action(NULL, /* TODO: Find what the handle ought to be */

_("Certificate Information"), _("Certificate Information"),

~~- secondary, 2, NULL, NULL, NULL,~~

+ secondary_extra, 2, NULL, NULL, NULL,

issuer_id, 2,

_("View Issuer Certificate"), PURPLE_CALLBACK(display_x509_issuer),

_("Close"), PURPLE_CALLBACK(g_free));

@@ -2219,10 +2263,11 @@

g_free(cn);

g_free(issuer_id);

g_free(secondary);

~~- g_free(sha_asc);~~

+ g_free(secondary_extra);

+ g_free(sha1_asc);

+ g_free(sha256_asc);

g_free(activ_str);

g_free(expir_str);

~~- g_byte_array_free(sha_bin, TRUE);~~

}

void purple_certificate_add_ca_search_path(const char *path)

~~--- a/libpurple/certificate.h Mon Mar 06 16:06:52 2017 -0300~~

+++ b/libpurple/certificate.h Tue Mar 07 02:38:54 2017 +0000

@@ -315,9 +315,31 @@

void (* verify_cert)(PurpleCertificateVerificationRequest *vrq, PurpleCertificateInvalidityFlags *flags);

~~- void (*_purple_reserved3)(void);~~

+ /**

+ * The size of the PurpleCertificateScheme. This should always be sizeof(PurpleCertificateScheme).

+ * This allows adding more functions to this struct without requiring a major version bump.

+ *

+ * PURPLE_CERTIFICATE_SCHEME_HAS_FUNC() should be used for functions after this point.

+ */

+ unsigned long struct_size;

+ /**

+ * Retrieves the certificate public key fingerprint using SHA256

+ *

+ * @param crt Certificate instance

+ * @return Binary representation of SHA256 hash - must be freed using

+ * g_byte_array_free()

+ * @since 2.12.0

+ */

+ GByteArray * (* get_fingerprint_sha256)(PurpleCertificate *crt);

};

+#define PURPLE_CERTIFICATE_SCHEME_HAS_FUNC(obj, member) \

+ (((G_STRUCT_OFFSET(PurpleCertificateScheme, member) < G_STRUCT_OFFSET(PurpleCertificateScheme, struct_size)) \

+ || (G_STRUCT_OFFSET(PurpleCertificateScheme, member) < obj->struct_size)) && \

+ obj->member != NULL)

/** A set of operations used to provide logic for verifying a Certificate's

* authenticity.

@@ -578,12 +600,26 @@

* Retrieves the certificate public key fingerprint using SHA1.

* @param crt Certificate instance

~~- * @return Binary representation of the hash. You are responsible for free()ing~~

~~- * this.~~

+ * @return Binary representation of the hash. You are responsible for freeing

+ * this with g_byte_array_free().

+ * @see purple_base16_encode_chunked()

+ * @see purple_certificate_get_fingerprint_sha256()

+ */

+GByteArray *

+purple_certificate_get_fingerprint_sha1(PurpleCertificate *crt);

+/**

+ * Retrieves the certificate public key fingerprint using SHA256.

+ *

+ * @param crt Certificate instance

+ * @param sha1_fallback If true, return SHA1 if the SSL module doesn't

+ * implement SHA256. Otherwise, return NULL.

+ * @return Binary representation of the hash. You are responsible for freeing

+ * this with g_byte_array_free().

* @see purple_base16_encode_chunked()

GByteArray *

~~-purple_certificate_get_fingerprint_sha1(PurpleCertificate *crt);~~

+purple_certificate_get_fingerprint_sha256(PurpleCertificate *crt, gboolean sha1_fallback);

/**

* Get a unique identifier for the certificate

~~--- a/libpurple/plugins/perl/common/Certificate.xs Mon Mar 06 16:06:52 2017 -0300~~

+++ b/libpurple/plugins/perl/common/Certificate.xs Tue Mar 07 02:38:54 2017 +0000

@@ -219,6 +219,19 @@

OUTPUT:

RETVAL

+SV*

+purple_certificate_get_fingerprint_sha256(crt, sha1_fallback)

+ Purple::Certificate crt

+ gboolean sha1_fallback

+ PREINIT:

+ GByteArray *gba = NULL;

+ CODE:

+ gba = purple_certificate_get_fingerprint_sha256(crt, sha1_fallback);

+ RETVAL = newSVpv((gchar *)gba->data, gba->len);

+ g_byte_array_free(gba, TRUE);

+ OUTPUT:

+ RETVAL

void

purple_certificate_verify(verifier, subject_name, cert_chain, cb, cb_data)

Purple::Certificate::Verifier verifier

~~--- a/libpurple/plugins/ssl/ssl-gnutls.c Mon Mar 06 16:06:52 2017 -0300~~

+++ b/libpurple/plugins/ssl/ssl-gnutls.c Tue Mar 07 02:38:54 2017 +0000

@@ -1037,9 +1037,9 @@

}

static GByteArray *

~~-x509_sha1sum(PurpleCertificate *crt)~~

+x509_shasum(PurpleCertificate *crt, gnutls_digest_algorithm_t algo)

{

~~- size_t hashlen = 20; /* SHA1 hashes are 20 bytes */~~

+ size_t hashlen = (algo == GNUTLS_DIG_SHA1) ? 20 : 32;

size_t tmpsz = hashlen; /* Throw-away variable for GnuTLS to stomp on*/

gnutls_x509_crt_t crt_dat;

GByteArray *hash; /**< Final hash container */

@@ -1051,7 +1051,7 @@

/* Extract the fingerprint */

g_return_val_if_fail(

~~- 0 == gnutls_x509_crt_get_fingerprint(crt_dat, GNUTLS_DIG_SHA,~~

+ 0 == gnutls_x509_crt_get_fingerprint(crt_dat, algo,

hashbuf, &tmpsz),

NULL);

@@ -1065,6 +1065,18 @@

return hash;

}

+static GByteArray *

+x509_sha1sum(PurpleCertificate *crt)

+ return x509_shasum(crt, GNUTLS_DIG_SHA1);

+static GByteArray *

+x509_sha256sum(PurpleCertificate *crt)

+ return x509_shasum(crt, GNUTLS_DIG_SHA256);

static gchar *

x509_cert_dn (PurpleCertificate *crt)

{

@@ -1239,8 +1251,8 @@

NULL,

~~- NULL~~

+ sizeof(PurpleCertificateScheme), /* struct_size */

+ x509_sha256sum, /* SHA256 fingerprint */

};

static PurpleSslOps ssl_ops =

~~--- a/libpurple/plugins/ssl/ssl-nss.c Mon Mar 06 16:06:52 2017 -0300~~

+++ b/libpurple/plugins/ssl/ssl-nss.c Tue Mar 07 02:38:54 2017 +0000

@@ -881,11 +881,11 @@

}

static GByteArray *

~~-x509_sha1sum(PurpleCertificate *crt)~~

+x509_shasum(PurpleCertificate *crt, SECOidTag algo)

{

CERTCertificate *crt_dat;

~~- size_t hashlen = 20; /* Size of an sha1sum */~~

~~- GByteArray *sha1sum;~~

+ size_t hashlen = (algo == SEC_OID_SHA1) ? 20 : 32;

+ GByteArray *hash;

SECItem *derCert; /* DER representation of the cert */

SECStatus st;

@@ -899,22 +899,34 @@

derCert = &(crt_dat->derCert);

/* Make a hash! */

~~- sha1sum = g_byte_array_sized_new(hashlen);~~

+ hash = g_byte_array_sized_new(hashlen);

/* glib leaves the size as 0 by default */

~~- sha1sum->len = hashlen;~~

+ hash->len = hashlen;

~~- st = PK11_HashBuf(SEC_OID_SHA1, sha1sum->data,~~

+ st = PK11_HashBuf(algo, hash->data,

derCert->data, derCert->len);

/* Check for errors */

if (st != SECSuccess) {

~~- g_byte_array_free(sha1sum, TRUE);~~

+ g_byte_array_free(hash, TRUE);

purple_debug_error("nss/x509",

"Error: hashing failed!\n");

return NULL;

}

~~- return sha1sum;~~

+ return hash;

+static GByteArray *

+x509_sha1sum(PurpleCertificate *crt)

+ return x509_shasum(crt, SEC_OID_SHA1);

+static GByteArray *

+x509_sha256sum(PurpleCertificate *crt)

+ return x509_shasum(crt, SEC_OID_SHA256);

}

static gchar *

@@ -1211,7 +1223,8 @@

x509_importcerts_from_file, /* Multiple certificate import function */

x509_register_trusted_tls_cert, /* Register a certificate as trusted for TLS */

x509_verify_cert, /* Verify that the specified cert chain is trusted */

~~- NULL~~

+ sizeof(PurpleCertificateScheme), /* struct_size */

+ x509_sha256sum, /* SHA256 fingerprint */

};

static PurpleSslOps ssl_ops =