Diffstat (limited to 'modules/ssl/mod_ssl_ct.c')
-rw-r--r-- | modules/ssl/mod_ssl_ct.c | 64 |
1 files changed, 46 insertions, 18 deletions
diff --git a/modules/ssl/mod_ssl_ct.c b/modules/ssl/mod_ssl_ct.c
index 17b673a8e5..769adba795 100644
--- a/modules/ssl/mod_ssl_ct.c
+++ b/modules/ssl/mod_ssl_ct.c
@@ -70,14 +70,13 @@
 #endif
 #include "mod_proxy.h"
-#include "mod_ssl.h"
-#include "mod_ssl_openssl.h"
+#include "mod_ssl_openssl.h"
 #include "ssl_ct_util.h"
 #include "ssl_ct_sct.h"
-#include "openssl/x509v3.h"
-#include "openssl/ocsp.h"
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
 #if OPENSSL_VERSION_NUMBER < 0x10002003L
 #error "mod_ssl_ct requires OpenSSL 1.0.2-beta3 or later"
@@ -1592,26 +1591,55 @@ static const char *gen_key(conn_rec *c, cert_chain *cc, ct_conn_config *conncfg)
 {
 const char *fp;
- SHA256_CTX sha256ctx;
 unsigned char digest[SHA256_DIGEST_LENGTH];
 fp = get_cert_fingerprint(c->pool, cc->leaf);
- SHA256_Init(&sha256ctx); /* UNDOC */
- SHA256_Update(&sha256ctx, (unsigned char *)fp, strlen(fp)); /* UNDOC */
- if (conncfg->cert_sct_list) {
- SHA256_Update(&sha256ctx, conncfg->cert_sct_list,
- conncfg->cert_sct_list_size);
- }
- if (conncfg->serverhello_sct_list) {
- SHA256_Update(&sha256ctx, conncfg->serverhello_sct_list,
- conncfg->serverhello_sct_list_size);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ {
+ SHA256_CTX sha256ctx;
+ SHA256_Init(&sha256ctx); /* UNDOC */
+ SHA256_Update(&sha256ctx, (unsigned char *)fp, strlen(fp)); /* UNDOC */
+ if (conncfg->cert_sct_list) {
+ SHA256_Update(&sha256ctx, conncfg->cert_sct_list,
+ conncfg->cert_sct_list_size);
+ }
+ if (conncfg->serverhello_sct_list) {
+ SHA256_Update(&sha256ctx, conncfg->serverhello_sct_list,
+ conncfg->serverhello_sct_list_size);
+ }
+ if (conncfg->ocsp_sct_list) {
+ SHA256_Update(&sha256ctx, conncfg->ocsp_sct_list,
+ conncfg->ocsp_sct_list_size);
+ }
+ SHA256_Final(digest, &sha256ctx); /* UNDOC */
 }
- if (conncfg->ocsp_sct_list) {
- SHA256_Update(&sha256ctx, conncfg->ocsp_sct_list,
- conncfg->ocsp_sct_list_size);
+#else
+ {
+ EVP_MD_CTX *md_ctx;
+ unsigned int dlen = 0;
+ md_ctx = EVP_MD_CTX_create();
+ ap_assert(md_ctx != NULL);
+ ap_assert(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL));
+ ap_assert(EVP_DigestUpdate(md_ctx, (unsigned char *)fp, strlen(fp)));
+ if (conncfg->cert_sct_list) {
+ ap_assert(EVP_DigestUpdate(md_ctx, conncfg->cert_sct_list,
+ conncfg->cert_sct_list_size));
+ }
+ if (conncfg->serverhello_sct_list) {
+ ap_assert(EVP_DigestUpdate(md_ctx, conncfg->serverhello_sct_list,
+ conncfg->serverhello_sct_list_size));
+ }
+ if (conncfg->ocsp_sct_list) {
+ ap_assert(EVP_DigestUpdate(md_ctx, conncfg->ocsp_sct_list,
+ conncfg->ocsp_sct_list_size));
+ }
+ ap_assert(EVP_DigestFinal_ex(md_ctx, digest, &dlen));
+ ap_assert(dlen == SHA256_DIGEST_LENGTH);
+ EVP_MD_CTX_destroy(md_ctx);
 }
- SHA256_Final(digest, &sha256ctx); /* UNDOC */
+#endif
+
 return apr_pescape_hex(c->pool, digest, sizeof digest, 0);
 } |
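Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x30000000L` split is unnecessary: the EVP_DigestInit_ex/EVP_DigestUpdate/EVP_DigestFinal_ex path in the `#else` branch, including `EVP_MD_CTX_create`/`EVP_MD_CTX_destroy`, exists on every OpenSSL release this module accepts (the version check in the first hunk rejects anything older than 1.0.2-beta3), so the SHA256_* block in the `#if` arm only duplicates the hashing logic and leaves a second copy of the key derivation to keep in sync. If the split is kept anyway, the 3.0-only branch should use the current names `md_ctx = EVP_MD_CTX_new();` and `EVP_MD_CTX_free(md_ctx);`, since `_create`/`_destroy` have been compatibility macros since 1.1.0. Wrapping the EVP calls in `ap_assert` also turns a runtime digest failure (for example SHA-256 not being available from the loaded providers under 3.0) into a process abort rather than a failed connection; if that is not the intent, gen_key would need to return NULL and its callers check for it, but the function's signature and its callers lie outside this hunk.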