diff options
author | Jack Lloyd <[email protected]> | 2018-04-16 07:47:58 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-04-16 07:47:58 -0400 |
commit | 5a05ea6b00d672d521eabb4250dfbd997ff0700d (patch) | |
tree | 6941ad853f2fcb394f89bf0eb979c0f60c448dad /src | |
parent | 7398cea6fd7bfc1012a8b17a5034c095777195d6 (diff) |
Truncate new SKIDs to 192 bits
More than long enough, and saves quite a bit of space especially for
SHA-512 certificates.
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/x509/x509_ext.cpp | 6 | ||||
-rw-r--r-- | src/lib/x509/x509self.cpp | 9 |
2 files changed, 9 insertions, 6 deletions
diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp index b969ad7cf..c0fe904bc 100644 --- a/src/lib/x509/x509_ext.cpp +++ b/src/lib/x509/x509_ext.cpp @@ -434,6 +434,12 @@ Subject_Key_ID::Subject_Key_ID(const std::vector<uint8_t>& pub_key, const std::s hash->update(pub_key); hash->final(m_key_id.data()); + + // Truncate longer hashes, 192 bits here seems plenty + const size_t max_skid_len = (192 / 8); + if(m_key_id.size() > max_skid_len) + m_key_id.resize(max_skid_len); + m_key_id[0] = 0x44; } /* diff --git a/src/lib/x509/x509self.cpp b/src/lib/x509/x509self.cpp index 78bbe8615..32f21c101 100644 --- a/src/lib/x509/x509self.cpp +++ b/src/lib/x509/x509self.cpp @@ -82,13 +82,10 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, extensions.add_new(new Cert_Extension::Key_Usage(constraints), true); } - std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_fn)); - hash->update(pub_key); - std::vector<uint8_t> skid(hash->output_length()); - hash->final(skid.data()); + std::unique_ptr<Cert_Extension::Subject_Key_ID> skid(new Cert_Extension::Subject_Key_ID(pub_key, hash_fn)); - extensions.add_new(new Cert_Extension::Subject_Key_ID(skid)); - extensions.add_new(new Cert_Extension::Authority_Key_ID(skid)); + extensions.add_new(new Cert_Extension::Authority_Key_ID(skid->get_key_id())); + extensions.add_new(skid.release()); extensions.add_new( new Cert_Extension::Subject_Alternative_Name(subject_alt)); |