author | Rainer Jung <rjung@apache.org> | 2016-04-10 09:02:15 +0000 |
---|---|---|
committer | Rainer Jung <rjung@apache.org> | 2016-04-10 09:02:15 +0000 |
commit | 89db09bb588800a0aca972094863b068a81a0718 (patch) | |
tree | 585aec2ddb9f5f35a213060cbc8e0a6aaeed5546 /modules/ssl | |
parent | d42ab527e5f2b526d239f71bdd4363da9aa326c9 (diff) | |
Support for OpenSSL 1.1.0:
- DH was made opaque
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1738410 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/ssl')
-rw-r--r-- | modules/ssl/ssl_engine_init.c | 41 | ||||
-rw-r--r-- | modules/ssl/ssl_private.h | 1 |
2 files changed, 36 insertions, 6 deletions
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index a9dbb7ccd5..446d271426 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -50,21 +50,50 @@ APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, init_server,
 #define KEYTYPES "RSA or DSA"
 #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+/* OpenSSL Pre-1.1.0 compatibility */
+/* Taken from OpenSSL 1.1.0 snapshot 20160410 */
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+ /* q is optional */
+ if (p == NULL || g == NULL)
+ return 0;
+ BN_free(dh->p);
+ BN_free(dh->q);
+ BN_free(dh->g);
+ dh->p = p;
+ dh->q = q;
+ dh->g = g;
+
+ if (q != NULL) {
+ dh->length = BN_num_bits(q);
+ }
+
+ return 1;
+}
+#endif
+
 /*
 * Grab well-defined DH parameters from OpenSSL, see the get_rfc*
 * functions in <openssl/bn.h> for all available primes.
 */
-static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *), const char *gen)
+static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *))
 {
 DH *dh = DH_new();
+ BIGNUM *p, *g;
 if (!dh) {
 return NULL;
 }
- dh->p = prime(NULL);
- BN_dec2bn(&dh->g, gen);
- if (!dh->p || !dh->g) {
+ p = prime(NULL);
+ g = BN_new();
+ if (g != NULL) {
+ BN_set_word(g, 2);
+ }
+ if (!p || !g || !DH_set0_pqg(dh, p, NULL, g)) {
 DH_free(dh);
+ BN_free(p);
+ BN_free(g);
 return NULL;
 }
 return dh;
@@ -89,7 +118,7 @@ static void init_dh_params(void)
 unsigned n;
 for (n = 0; n < sizeof(dhparams)/sizeof(dhparams[0]); n++)
- dhparams[n].dh = make_dh_params(dhparams[n].prime, "2");
+ dhparams[n].dh = make_dh_params(dhparams[n].prime);
 }
 static void free_dh_params(void)
@@ -1273,7 +1302,7 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
 SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams);
 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540)
 "Custom DH parameters (%d bits) for %s loaded from %s",
- BN_num_bits(dhparams->p), vhost_id, certfile);
+ DH_bits(dhparams), vhost_id, certfile);
 DH_free(dhparams);
 }
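Review bot: The return value of `BN_set_word(g, 2)` in make_dh_params() is ignored, so if that call fails the freshly allocated `g` (which BN_new leaves at zero) still passes the `!g` test and is installed as the generator of the ephemeral DH group. Fold the call into the guard, e.g. `if (!p || !g || !BN_set_word(g, 2) || !DH_set0_pqg(dh, p, NULL, g)) {`, which reuses the cleanup path already there. Separately, the pre-1.1.0 `DH_set0_pqg` shim is defined with external linkage under the same name that OpenSSL 1.1.0 exports; declaring it `static int DH_set0_pqg(...)` keeps the module from exporting a symbol that can clash with libcrypto's. A short comment on the shim stating that it takes ownership of `p`, `q` and `g` only when it returns 1 would also make the caller's `BN_free(p); BN_free(g);` on failure easier to verify.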
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 44fefb8cda..ffd6daa9bd 100644
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -205,6 +205,7 @@
 #define BIO_set_data(x,v) (x->ptr=v)
 #define BIO_get_shutdown(x) (x->shutdown)
 #define BIO_set_shutdown(x,v) (x->shutdown=v)
+#define DH_bits(x) (BN_num_bits(x->p))
 #else
 void init_bio_methods(void);
 void free_bio_methods(void); |
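Review bot: The new `DH_bits(x)` macro expands its argument unparenthesized (`x->p`), so a caller passing anything other than a plain identifier gets the wrong precedence; `#define DH_bits(x) (BN_num_bits((x)->p))` avoids that. The neighbouring BIO_* compatibility macros are written the same way, so this matches local style, but the new macro is the one under review here. The `#if` that opens this branch starts outside the hunk; it is presumably the pre-1.1.0 side, and it is worth confirming that its condition agrees with the `OPENSSL_VERSION_NUMBER < 0x10100000L` test guarding the `DH_set0_pqg` shim in ssl_engine_init.c.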