aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2018-04-16 07:47:58 -0400
committerJack Lloyd <[email protected]>2018-04-16 07:47:58 -0400
commit5a05ea6b00d672d521eabb4250dfbd997ff0700d (patch)
tree6941ad853f2fcb394f89bf0eb979c0f60c448dad /src
parent7398cea6fd7bfc1012a8b17a5034c095777195d6 (diff)
Truncate new SKIDs to 192 bits
More than long enough, and saves quite a bit of space especially for SHA-512 certificates.
Diffstat (limited to 'src')
-rw-r--r--src/lib/x509/x509_ext.cpp6
-rw-r--r--src/lib/x509/x509self.cpp9
2 files changed, 9 insertions, 6 deletions
diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp
index b969ad7cf..c0fe904bc 100644
--- a/src/lib/x509/x509_ext.cpp
+++ b/src/lib/x509/x509_ext.cpp
@@ -434,6 +434,12 @@ Subject_Key_ID::Subject_Key_ID(const std::vector<uint8_t>& pub_key, const std::s
hash->update(pub_key);
hash->final(m_key_id.data());
+
+ // Truncate longer hashes, 192 bits here seems plenty
+ const size_t max_skid_len = (192 / 8);
+ if(m_key_id.size() > max_skid_len)
+ m_key_id.resize(max_skid_len);
+ m_key_id[0] = 0x44;
}
/*
diff --git a/src/lib/x509/x509self.cpp b/src/lib/x509/x509self.cpp
index 78bbe8615..32f21c101 100644
--- a/src/lib/x509/x509self.cpp
+++ b/src/lib/x509/x509self.cpp
@@ -82,13 +82,10 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
extensions.add_new(new Cert_Extension::Key_Usage(constraints), true);
}
- std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_fn));
- hash->update(pub_key);
- std::vector<uint8_t> skid(hash->output_length());
- hash->final(skid.data());
+ std::unique_ptr<Cert_Extension::Subject_Key_ID> skid(new Cert_Extension::Subject_Key_ID(pub_key, hash_fn));
- extensions.add_new(new Cert_Extension::Subject_Key_ID(skid));
- extensions.add_new(new Cert_Extension::Authority_Key_ID(skid));
+ extensions.add_new(new Cert_Extension::Authority_Key_ID(skid->get_key_id()));
+ extensions.add_new(skid.release());
extensions.add_new(
new Cert_Extension::Subject_Alternative_Name(subject_alt));