Hi,

I've built a full patch for sha-2 (256) as well as an additional patch to support sha-2 (384 and 512). Discussion is at http://www.systemajik.com/blog/tinyca-sha2/ to which patches are also attached.

On Sat, 01 Nov 2014 13:27:30 -0500 Ross Vandegrift <r...@kallisti.us> wrote:
> Package: tinyca
> Version: 0.7.5-5
> Followup-For: Bug #759481
>
> Dear Maintainer,
>
> Attached is a patch to add support for SHA-224, SHA-256, SHA-384, and
> SHA-512. It also makes the default digest algorithm SHA-512. I've run
> it through very basic server cert testing.
>
> The patch is on top of the Debian local changes. I couldn't find an
> upstream. If it exists, I'd be happy to help push it up.
>
> Ross
>
> -- System Information:
> Debian Release: 7.7
> APT prefers stable-updates
> APT policy: (500, 'stable-updates'), (500, 'stable'), (50, 'testing'), (40, 'unstable'), (30, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 3.14-0.bpo.2-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages tinyca depends on:
> ii libgtk2-perl 2:1.244-1
> ii liblocale-gettext-perl 1.05-7+b1
> ii openssl 1.0.1e-2+deb7u13
>
> Versions of packages tinyca recommends:
> ii zip 3.0-6
>
> tinyca suggests no packages.
>
> -- no debconf information

--
Bill Thorsteinson
SysteMajik Consulting


From e5e25e55f8da2b4d2bad584f2145ca0ff6b3a92a Mon Sep 17 00:00:00 2001
From: Bill Thorsteinson <bill....@systemajik.com>
Date: Thu, 30 Oct 2014 22:26:47 -0400
Subject: [PATCH] Apply changes

---
 CERT.pm             |  1 +
 GUI.pm              | 13 +++++++------
 GUI/WORDS.pm        |  1 +
 GUI/X509_infobox.pm |  9 +++++++++
 OpenSSL.pm          | 17 +++++++++++++++++
 REQ.pm              |  4 +++-
 6 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/CERT.pm b/CERT.pm
index 0bd4267..a51fa48 100644
--- a/CERT.pm
+++ b/CERT.pm
@@ -480,6 +480,7 @@ sub export_cert {
          $out = '';
          $out .= "Fingerprint (MD5): $opts->{'parsed'}->{'FINGERPRINTMD5'}\n";
          $out .= "Fingerprint (SHA1): 
$opts->{'parsed'}->{'FINGERPRINTSHA1'}\n\n";
+         $out .= "Fingerprint (SHA256): 
$opts->{'parsed'}->{'FINGERPRINTSHA256'}\n\n";
       } else {
          $out = '';
       }
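Review bot: The SHA1 line above the added one still ends in `\n\n`, so the exported text now has a blank line between the SHA1 and SHA256 fingerprints; ending the SHA1 line with a single `\n` and keeping `\n\n` only on the last fingerprint keeps the block together. The CERT.pm hunk in the second patch adds the SHA384 and SHA512 lines the same way, each with `\n\n`. The value is also interpolated without a `defined` check, so a certificate whose SHA-256 fingerprint could not be read would presumably export an empty field. export_cert's body continues outside the hunk.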
diff --git a/GUI.pm b/GUI.pm
index bd98543..27847e2 100644
--- a/GUI.pm
+++ b/GUI.pm
@@ -29,14 +29,15 @@ my $true=1;
 # This hash maps our internal MD names to the displayed digest names.
 # Maybe it should live in a crypto-related file instead of a UI-related file?
 my %md_algorithms = (
-                    'md5' => 'MD5',
-                    'sha1' => 'SHA1',
-                    'md2' => 'MD2',
-                    'mdc2' => 'MDC2',
-                    'md4' => 'MD4',
+                    'md5' => 'ins.MD5',
+# duplicate         'sha1' => 'SHA1',
+# n/a               'md2' => 'MD2',
+# n/a               'mdc2' => 'MDC2',
+                    'md4' => 'ins.MD4',
                     'ripemd160' => 'RIPEMD-160',
 #                   'sha' => 'SHA',
                     'sha1' => 'SHA-1',
+                    'sha256' => 'SHA256',
                     );
 
 my %bit_lengths = (
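Review bot: MD5 and MD4 stay in `%md_algorithms` and are only relabelled `'ins.MD5'` / `'ins.MD4'`, which presumably means "insecure" but will not be obvious to a user choosing a signing digest. If they must stay available, a label such as `'MD5 (insecure)'` is clearer, after checking that nothing outside this hunk matches on the old display strings. Otherwise remove both entries so they cannot be chosen for new signatures. The `# duplicate` and `# n/a` lines leave dead entries inside the hash; deleting them, or adding a comment like `# md2/mdc2 removed: not offered by current openssl builds` if that is the reason, reads better than commented-out pairs.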
@@ -1060,7 +1061,7 @@ sub create_detail_tree {
       $piter = $store->append($root);
       $store->set($piter, 0 => $t);
    
-      for my $l (qw(FINGERPRINTMD5 FINGERPRINTSHA1)) {
+      for my $l (qw(FINGERPRINTMD5 FINGERPRINTSHA1 FINGERPRINTSHA256)) {
          if(defined($parsed->{$l})) {
             $citer = $store->append($piter);
             $store->set($citer, 
diff --git a/GUI/WORDS.pm b/GUI/WORDS.pm
index efd64d6..cdd67d5 100644
--- a/GUI/WORDS.pm
+++ b/GUI/WORDS.pm
@@ -70,6 +70,7 @@ sub new {
     'STATUS'                => _("Status"),
     'FINGERPRINTMD5'        => _("Fingerprint (MD5)"),
     'FINGERPRINTSHA1'       => _("Fingerprint (SHA1)"),
+    'FINGERPRINTSHA256'     => _("Fingerprint (SHA256)"),
     _("Not set")                             => 'none',
     _("Ask User")                            => 'user',
     _("critical")                            => 'critical',
diff --git a/GUI/X509_infobox.pm b/GUI/X509_infobox.pm
index 97f6280..6543f28 100644
--- a/GUI/X509_infobox.pm
+++ b/GUI/X509_infobox.pm
@@ -90,6 +90,15 @@ sub display {
             'center', 0, 0);
       $self->{'x509textbox'}->pack_start($self->{'certfingerprintsha1'}, 
             0, 0, 0);
+
+      if(defined($self->{'certfingerprintsha256'})) {
+         $self->{'certfingerprintsha256'}->destroy();
+      } 
+      $self->{'certfingerprintsha256'} = GUI::HELPERS::create_label(
+            _("Fingerprint (SHA256)").": ".$parsed->{'FINGERPRINTSHA256'},
+            'center', 0, 0);
+      $self->{'x509textbox'}->pack_start($self->{'certfingerprintsha256'}, 
+            0, 0, 0);
    }
 
    if (($mode eq 'cert') || ($mode eq 'cacert')) {
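Review bot: The new label concatenates `$parsed->{'FINGERPRINTSHA256'}` without checking that it is defined, whereas create_detail_tree in GUI.pm guards the same keys with `if(defined($parsed->{$l}))`. In OpenSSL.pm the key is only set when an output line matches, so when the `-sha256` call fails this would show an empty fingerprint and warn about an uninitialized value. Wrapping the `create_label`/`pack_start` pair in `if(defined($parsed->{'FINGERPRINTSHA256'})) { ... }` keeps the two views consistent. display's body starts and ends outside the hunk.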
diff --git a/OpenSSL.pm b/OpenSSL.pm
index 0645bda..1775dad 100644
--- a/OpenSSL.pm
+++ b/OpenSSL.pm
@@ -674,6 +674,23 @@ sub parsecert {
       GUI::HELPERS::print_warning($t, $ext);
    }
 
+   $cmd = "$self->{'bin'} x509 -noout -fingerprint -sha256 -in $file";
+   $ext = "$cmd\n\n";
+   $pid = open3($wtfh, $rdfh, $rdfh, $cmd);
+   while(<$rdfh>){
+      $ext .= $_;
+      ($k, $v) = split(/=/);
+      $tmp->{'FINGERPRINTSHA256'} = $v if($k =~ /SHA256 Fingerprint/i);
+      chomp($tmp->{'FINGERPRINTSHA256'});
+   }
+   waitpid($pid, 0);
+   $ret = $? >> 8;
+
+   if($ret) {
+      $t = _("Error reading fingerprint from Certificate");
+      GUI::HELPERS::print_warning($t, $ext);
+   }
+
    # get subject in openssl format
    $cmd = "$self->{'bin'} x509 -noout -subject -in $file";
    $ext = "$cmd\n\n";
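Review bot: The new fingerprint command is built as one string with `$file` interpolated unquoted and handed to `open3`, so the path is split on whitespace or run through the shell instead of reaching openssl as a single argument. The list form avoids both: `$pid = open3($wtfh, $rdfh, $rdfh, $self->{'bin'}, 'x509', '-noout', '-fingerprint', '-sha256', '-in', $file);`. This copies the pattern already used in parsecert (the `-subject` call in the context lines does the same), and the SHA-384/SHA-512 blocks added to OpenSSL.pm in the second patch repeat it. Separately, `chomp($tmp->{'FINGERPRINTSHA256'})` runs on every output line, including before the key is set; chomp `$v` inside the match instead. parsecert starts and ends outside the hunk.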
diff --git a/REQ.pm b/REQ.pm
index a3b6138..7dc60ae 100644
--- a/REQ.pm
+++ b/REQ.pm
@@ -59,7 +59,7 @@ sub get_req_create {
          GUI::HELPERS::print_error($t);
       }
       $opts->{'bits'}   = 4096;
-      $opts->{'digest'} = 'sha1';
+      $opts->{'digest'} = 'sha256';
       $opts->{'algo'}   = 'rsa';
       if(defined($opts) && $opts eq "sign") {
          $opts->{'sign'} = 1;
@@ -426,6 +426,8 @@ sub get_sign_req {
          $opts->{'digest'} = "md5";
       } elsif ($opts->{'digest'} =~ /^sha1/) {
          $opts->{'digest'} = "sha1";
+      } elsif ($opts->{'digest'} =~ /^sha256/) {
+         $opts->{'digest'} = "sha256";
       } elsif ($opts->{'digest'} =~ /^ripemd160/) {
          $opts->{'digest'} = "ripemd160";
       } else {
-- 
1.9.1

From 63ae349e98cf6cc548bd0ba8ba3229f5e6b2e8c3 Mon Sep 17 00:00:00 2001
From: Bill Thorsteinson <bill....@systemajik.com>
Date: Thu, 30 Oct 2014 23:10:01 -0400
Subject: [PATCH] Add sha-384 and sha-512

---
 CERT.pm      |  2 ++
 GUI.pm       |  6 ++++--
 GUI/WORDS.pm |  2 ++
 OpenSSL.pm   | 24 ++++++++++++++++++++++++
 REQ.pm       |  4 ++++
 5 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/CERT.pm b/CERT.pm
index a51fa48..588b421 100644
--- a/CERT.pm
+++ b/CERT.pm
@@ -481,6 +481,8 @@ sub export_cert {
          $out .= "Fingerprint (MD5): $opts->{'parsed'}->{'FINGERPRINTMD5'}\n";
          $out .= "Fingerprint (SHA1): 
$opts->{'parsed'}->{'FINGERPRINTSHA1'}\n\n";
          $out .= "Fingerprint (SHA256): 
$opts->{'parsed'}->{'FINGERPRINTSHA256'}\n\n";
+         $out .= "Fingerprint (SHA384): 
$opts->{'parsed'}->{'FINGERPRINTSHA384'}\n\n";
+         $out .= "Fingerprint (SHA512): 
$opts->{'parsed'}->{'FINGERPRINTSHA512'}\n\n";
       } else {
          $out = '';
       }
diff --git a/GUI.pm b/GUI.pm
index 27847e2..0805b16 100644
--- a/GUI.pm
+++ b/GUI.pm
@@ -37,7 +37,9 @@ my %md_algorithms = (
                     'ripemd160' => 'RIPEMD-160',
 #                   'sha' => 'SHA',
                     'sha1' => 'SHA-1',
-                    'sha256' => 'SHA256',
+                    'sha256' => 'SHA-256',
+                    'sha384' => 'SHA-384',
+                    'sha512' => 'SHA-512',
                     );
 
 my %bit_lengths = (
@@ -1061,7 +1063,7 @@ sub create_detail_tree {
       $piter = $store->append($root);
       $store->set($piter, 0 => $t);
    
-      for my $l (qw(FINGERPRINTMD5 FINGERPRINTSHA1 FINGERPRINTSHA256)) {
+      for my $l (qw(FINGERPRINTMD5 FINGERPRINTSHA1 FINGERPRINTSHA256 
FINGERPRINTSHA384 FINGERPRINTSHA512)) {
          if(defined($parsed->{$l})) {
             $citer = $store->append($piter);
             $store->set($citer, 
diff --git a/GUI/WORDS.pm b/GUI/WORDS.pm
index cdd67d5..9cb1d35 100644
--- a/GUI/WORDS.pm
+++ b/GUI/WORDS.pm
@@ -71,6 +71,8 @@ sub new {
     'FINGERPRINTMD5'        => _("Fingerprint (MD5)"),
     'FINGERPRINTSHA1'       => _("Fingerprint (SHA1)"),
     'FINGERPRINTSHA256'     => _("Fingerprint (SHA256)"),
+    'FINGERPRINTSHA384'     => _("Fingerprint (SHA384)"),
+    'FINGERPRINTSHA512'     => _("Fingerprint (SHA512)"),
     _("Not set")                             => 'none',
     _("Ask User")                            => 'user',
     _("critical")                            => 'critical',
diff --git a/OpenSSL.pm b/OpenSSL.pm
index 1775dad..e9f0f21 100644
--- a/OpenSSL.pm
+++ b/OpenSSL.pm
@@ -686,6 +686,30 @@ sub parsecert {
    waitpid($pid, 0);
    $ret = $? >> 8;
 
+   $cmd = "$self->{'bin'} x509 -noout -fingerprint -sha384 -in $file";
+   $ext = "$cmd\n\n";
+   $pid = open3($wtfh, $rdfh, $rdfh, $cmd);
+   while(<$rdfh>){
+      $ext .= $_;
+      ($k, $v) = split(/=/);
+      $tmp->{'FINGERPRINTSHA384'} = $v if($k =~ /SHA384 Fingerprint/i);
+      chomp($tmp->{'FINGERPRINTSHA384'});
+   }
+   waitpid($pid, 0);
+   $ret = $? >> 8;
+
+   $cmd = "$self->{'bin'} x509 -noout -fingerprint -sha512 -in $file";
+   $ext = "$cmd\n\n";
+   $pid = open3($wtfh, $rdfh, $rdfh, $cmd);
+   while(<$rdfh>){
+      $ext .= $_;
+      ($k, $v) = split(/=/);
+      $tmp->{'FINGERPRINTSHA512'} = $v if($k =~ /SHA512 Fingerprint/i);
+      chomp($tmp->{'FINGERPRINTSHA512'});
+   }
+   waitpid($pid, 0);
+   $ret = $? >> 8;
+
    if($ret) {
       $t = _("Error reading fingerprint from Certificate");
       GUI::HELPERS::print_warning($t, $ext);
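Review bot: The two new blocks sit between the SHA-256 block's `$ret = $? >> 8;` and the `if($ret)` check, and each reassigns `$ret` and `$ext`, so a failure of the SHA-256 or SHA-384 command is never reported and the warning text shows only the SHA-512 command. Each command's exit status should be checked right after its own `waitpid`. A loop over the two digests with a local log string does that without disturbing the existing SHA-256 check, and it can pass the arguments to `open3` as a list at the same time. parsecert starts and ends outside the hunk.

```perl
   # … unchanged: SHA-256 block ending in waitpid($pid, 0); $ret = $? >> 8; …
   for my $bits (qw(384 512)) {
      my @args = ('x509', '-noout', '-fingerprint', "-sha$bits", '-in', $file);
      my $log  = join(' ', $self->{'bin'}, @args)."\n\n";
      $pid = open3($wtfh, $rdfh, $rdfh, $self->{'bin'}, @args);
      while(<$rdfh>){
         $log .= $_;
         ($k, $v) = split(/=/, $_, 2);
         next unless defined($v) && $k =~ /SHA$bits Fingerprint/i;
         chomp($v);
         $tmp->{"FINGERPRINTSHA$bits"} = $v;
      }
      waitpid($pid, 0);
      if($? >> 8) {
         $t = _("Error reading fingerprint from Certificate");
         GUI::HELPERS::print_warning($t, $log);
      }
   }
   # … unchanged: if($ret) warning, which still reports the SHA-256 command …
```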
diff --git a/REQ.pm b/REQ.pm
index 7dc60ae..86e693e 100644
--- a/REQ.pm
+++ b/REQ.pm
@@ -428,6 +428,10 @@ sub get_sign_req {
          $opts->{'digest'} = "sha1";
       } elsif ($opts->{'digest'} =~ /^sha256/) {
          $opts->{'digest'} = "sha256";
+      } elsif ($opts->{'digest'} =~ /^sha384/) {
+         $opts->{'digest'} = "sha384";
+      } elsif ($opts->{'digest'} =~ /^sha512/) {
+         $opts->{'digest'} = "sha512";
       } elsif ($opts->{'digest'} =~ /^ripemd160/) {
          $opts->{'digest'} = "ripemd160";
       } else {
-- 
1.9.1
