author | Yann Ylavic <ylavic@apache.org> | 2024-07-08 17:06:14 +0200 |
---|---|---|
committer | Yann Ylavic <ylavic@apache.org> | 2024-07-08 17:06:14 +0200 |
commit | c6c9a741b1d96d1b976c0c994edd9de230482102 (patch) | |
tree | c3cd19dd7693f427ec83fdd83ae3f35a29ea3d8a /modules | |
parent | Follow up to r1919023: fix compilation. (diff) | |
mod_md: Keep compat with openssl < 1.1
EVP_PKEY_get0_RSA() does not exist in openssl < 1.1, use EVP_PKEY_get1_RSA()
instead, hence RSA_free() the returned ref to avoid a leak.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919026 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules')
-rw-r--r-- | modules/md/md_crypt.c | 51 |
1 files changed, 38 insertions, 13 deletions
diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c
index ca44fab064..c116bf1511 100644
--- a/modules/md/md_crypt.c
+++ b/modules/md/md_crypt.c
@@ -63,6 +63,10 @@
 || LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
 /* Missing from LibreSSL < 3.5.0 and only available since OpenSSL v1.1.x */
 #include <openssl/ct.h>
+#define MD_HAVE_CT 1
+#endif
+#ifndef MD_HAVE_CT
+#define MD_HAVE_CT 0
 #endif
 
 static int initialized;
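Review bot: `MD_HAVE_CT` is derived only from the library version test as far as this hunk shows (the `#if` condition starts above it), yet the later hunks at `get_ct_scts_nid()` and `md_cert_get_ct_scts()` replace `#ifndef OPENSSL_NO_CT` with `#if MD_HAVE_CT`. Unless the unseen part of the condition already tests it, a build against an OpenSSL 1.1+ that was configured without CT would now compile the SCT code that the old guard skipped. Folding the old test into the definition keeps both cases covered, e.g. `#ifndef OPENSSL_NO_CT` / `#define MD_HAVE_CT 1` / `#endif` placed after the include. A one-line comment on the macro stating that it means "CT API declared and enabled" would make the intent clear to the next reader.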
@@ -978,42 +982,64 @@ static const char *bn64(const BIGNUM *b, apr_pool_t *p)
 
 const char *md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p)
 {
+ const char *e64 = NULL;
+
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
+
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
+ RSA *rsa = EVP_PKEY_get1_RSA(pkey->pkey);
+#else
 const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
+#endif
 if (rsa) {
 const BIGNUM *e;
 RSA_get0_key(rsa, NULL, &e, NULL);
- return bn64(e, p);
+ e64 = bn64(e, p);
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
+ RSA_free(rsa);
+#endif
 }
-#else
+
+#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
 BIGNUM *e = NULL;
 if (EVP_PKEY_get_bn_param(pkey->pkey, OSSL_PKEY_PARAM_RSA_E, &e)) {
- const char *e64 = bn64(e, p);
+ e64 = bn64(e, p);
 BN_free(e);
- return e64;
 }
 #endif
- return NULL;
+
+ return e64;
 }
 
 const char *md_pkey_get_rsa_n64(md_pkey_t *pkey, apr_pool_t *p)
 {
+ const char *n64 = NULL;
+
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
+
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
+ RSA *rsa = EVP_PKEY_get1_RSA(pkey->pkey);
+#else
 const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
+#endif
 if (rsa) {
 const BIGNUM *n;
 RSA_get0_key(rsa, &n, NULL, NULL);
- return bn64(n, p);
+ n64 = bn64(n, p);
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
+ RSA_free(rsa);
+#endif
 }
-#else
+
+#else /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
 BIGNUM *n = NULL;
 if (EVP_PKEY_get_bn_param(pkey->pkey, OSSL_PKEY_PARAM_RSA_N, &n)) {
- const char *n64 = bn64(n, p);
+ n64 = bn64(n, p);
 BN_free(n);
- return n64;
 }
 #endif
- return NULL;
+
+ return n64;
 }
 
 apr_status_t md_crypt_sign64(const char **psign64, md_pkey_t *pkey, apr_pool_t *p,
@@ -2037,11 +2063,10 @@ out:
 return rv;
 }
 
+#if MD_HAVE_CT
 #define MD_OID_CT_SCTS_NUM "1.3.6.1.4.1.11129.2.4.2"
 #define MD_OID_CT_SCTS_SNAME "CT-SCTs"
 #define MD_OID_CT_SCTS_LNAME "CT Certificate SCTs"
-
-#ifndef OPENSSL_NO_CT
 static int get_ct_scts_nid(void)
 {
 int nid = OBJ_txt2nid(MD_OID_CT_SCTS_NUM);
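Review bot: The inner guard `#if OPENSSL_VERSION_NUMBER < 0x10101000L` in `md_pkey_get_rsa_e64()` and `md_pkey_get_rsa_n64()` selects everything below 1.1.1, while the commit message speaks of openssl < 1.1, which would be `0x10100000L`. Taking the `EVP_PKEY_get1_RSA()` path on 1.1.0 is harmless, but the constant now appears four times and each `RSA_free()` must stay paired with the guard that chose `get1`. A single named macro such as `#define MD_RSA_GET1 (OPENSSL_VERSION_NUMBER < 0x10101000L)`, with a comment stating the intended cut-off, would keep acquire and release from drifting apart into a leak or a free of a borrowed reference. `RSA_get0_key()` is itself a 1.1.0 API, so the pre-1.1 build presumably relies on a compat definition outside this hunk; worth confirming. The result is used after `RSA_free(rsa)`, which is safe only if `bn64()` (defined above the hunk) copies into the pool, so a comment such as `/* bn64() copies into p, safe to release rsa */` would document that dependency.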
@@ -2065,7 +2090,7 @@ const char *md_nid_get_lname(int nid) apr_status_t md_cert_get_ct_scts(apr_array_header_t *scts, apr_pool_t *p, const md_cert_t *cert) { -#ifndef OPENSSL_NO_CT +#if MD_HAVE_CT int nid, i, idx, critical; STACK_OF(SCT) *sct_list; SCT *sct_handle; |