summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
authorBenny Baumann <BenBE@geshi.org>2014-06-13 09:20:43 +0200
committerBenny Baumann <BenBE@geshi.org>2014-06-13 09:20:43 +0200
commit6d0f414854b2c1aa1da9ec49889ac9bb3b69b966 (patch)
tree7162d1c77760fad5c53474d9bf0a0c7e122b2f66 /includes
parent2affa9c6e9a1f2a7f68ab5fa306374cd037d6227 (diff)
parentf25f8af03c96cfcd4dd83a9f3b6ee4181eb3e2c9 (diff)
downloadcacert-devel-6d0f414854b2c1aa1da9ec49889ac9bb3b69b966.tar.gz
cacert-devel-6d0f414854b2c1aa1da9ec49889ac9bb3b69b966.tar.xz
cacert-devel-6d0f414854b2c1aa1da9ec49889ac9bb3b69b966.zip
Merge branch 'bug-807' into release
Diffstat (limited to 'includes')
-rw-r--r--includes/account.php17
-rw-r--r--includes/lib/account.php50
2 files changed, 67 insertions, 0 deletions
diff --git a/includes/account.php b/includes/account.php
index 99c65c5..b1ab984 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -289,6 +289,9 @@ function buildSubjectFromSession() {
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
}
+
+ $_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']);
+
$csr = "";
if(trim($_REQUEST['optionalCSR']) == "")
{
@@ -386,6 +389,7 @@ function buildSubjectFromSession() {
`codesign`='".intval($_SESSION['_config']['codesign'])."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -490,6 +494,7 @@ function buildSubjectFromSession() {
`codesign`='".intval($_SESSION['_config']['codesign'])."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -763,6 +768,8 @@ function buildSubjectFromSession() {
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
}
+
+ $_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']);
}
if($process != "" && $oldid == 11)
@@ -807,6 +814,7 @@ function buildSubjectFromSession() {
`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
} elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
$query = "insert into `domaincerts` set
@@ -814,6 +822,7 @@ function buildSubjectFromSession() {
`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
} else {
showheader(_("My CAcert.org Account!"));
@@ -1467,6 +1476,8 @@ function buildSubjectFromSession() {
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+ $_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']);
+
$_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
if(@count($_SESSION['_config']['emails']) > 0)
@@ -1534,6 +1545,7 @@ function buildSubjectFromSession() {
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".intval($_SESSION['_config']['codesign'])."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1629,6 +1641,7 @@ function buildSubjectFromSession() {
`subject`='".mysql_real_escape_string($csrsubject)."',
`codesign`='".intval($_SESSION['_config']['codesign'])."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
mysql_query($query);
$emailid = mysql_insert_id();
@@ -1893,6 +1906,8 @@ function buildSubjectFromSession() {
$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
+
+ $_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']);
}
if($process != "" && $oldid == 21)
@@ -1967,6 +1982,7 @@ function buildSubjectFromSession() {
`created`=NOW(),
`subject`='".mysql_real_escape_string($csrsubject)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`type`='".$type."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
} else {
@@ -1976,6 +1992,7 @@ function buildSubjectFromSession() {
`created`=NOW(),
`subject`='".mysql_real_escape_string($csrsubject)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
+ `md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`type`='".$type."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
}
diff --git a/includes/lib/account.php b/includes/lib/account.php
index 4c4d5ac..dd8afd3 100644
--- a/includes/lib/account.php
+++ b/includes/lib/account.php
@@ -98,3 +98,53 @@ function fix_assurer_flag($userID = NULL)
return true;
}
+
+/**
+ * Supported hash algorithms for signing certificates
+ */
+class HashAlgorithms {
+ /**
+ * Default hash algorithm identifier for signing
+ * @var string
+ */
+ public static $default = 'sha256';
+
+ /**
+ * Get display strings for the supported hash algorithms
+ * @return array(string=>array('name'=>string, 'info'=>string))
+ * - [$hash_identifier]['name'] = Name that should be displayed in UI
+ * - [$hash_identifier]['info'] = Additional information that can help
+ * with the selection of a suitable algorithm
+ */
+ public static function getInfo() {
+ return array(
+ 'sha256' => array(
+ 'name' => 'SHA-256',
+ 'info' => _('Currently recommended, because the other algorithms might break on some older versions of the GnuTLS library (older than 3.x) still shipped in Debian for example.'),
+ ),
+ 'sha384' => array(
+ 'name' => 'SHA-384',
+ 'info' => '',
+ ),
+ 'sha512' => array(
+ 'name' => 'SHA-512',
+ 'info' => _('Highest protection against hash collision attacks of the algorithms offered here.'),
+ ),
+ );
+ }
+
+ /**
+ * Check if the input is a supported hash algorithm identifier otherwise
+ * return the identifier of the default hash algorithm
+ *
+ * @param string $hash_identifier
+ * @return string The cleaned identifier
+ */
+ public static function clean($hash_identifier) {
+ if (array_key_exists($hash_identifier, self::getInfo() )) {
+ return $hash_identifier;
+ } else {
+ return self::$default;
+ }
+ }
+}