libsec: implement dh parameter signature verification, stop lying about non-rsa ciphers, fix memory leaks in X509 code

actually verify the diffie hellman parameter signature, this comes in two flavours. TLS1.2 uses X509 signature with a single hash specified by the signature algorithm field in the signature itself and pre TLS1.2 where md5+sha1 hashes of the signed blob are pkcs1 padded and encrypted with the rsa private key. stop advertizing non-rsa cipher suits (DSS and ECDSA), as we have not implmenented them. fix some memory leaks in X509 code while we'r at it.
author: cinap_lenrek <cinap_lenrek@felloff.net> 2015-09-22 18:10:52 +0200
committer: cinap_lenrek <cinap_lenrek@felloff.net> 2015-09-22 18:10:52 +0200
commit: c3e1c158f62458f16e5b538f188bad14844d277d (patch)
tree: c8b976af1e687ad02cabedd520b92f08e8f1d18f /sys/include
parent: 8baa8593196a1848773eb8dff26b18cc519f0175 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/include/libsec.h b/sys/include/libsec.h
index d5c3b85fb..16f249f2e 100644
--- a/sys/include/libsec.h
+++ b/sys/include/libsec.h
@@ -274,6 +274,8 @@ uchar*		decodePEM(char *s, char *type, int *len, char **new_s);
 PEMChain*	decodepemchain(char *s, char *type);
 uchar*		X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
 uchar*		X509req(RSApriv *priv, char *subj, int *certlen);
+char*		X509verifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, RSApub *pk);
+char*		X509verifydata(uchar *sig, int siglen, uchar *data, int datalen, RSApub *pk);
 char*		X509verify(uchar *cert, int ncert, RSApub *pk);
 void		X509dump(uchar *cert, int ncert);
author	cinap_lenrek <cinap_lenrek@felloff.net>	2015-09-22 18:10:52 +0200
committer	cinap_lenrek <cinap_lenrek@felloff.net>	2015-09-22 18:10:52 +0200
commit	c3e1c158f62458f16e5b538f188bad14844d277d (patch)
tree	c8b976af1e687ad02cabedd520b92f08e8f1d18f /sys/include
parent	8baa8593196a1848773eb8dff26b18cc519f0175 (diff)