walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Refactor get_x509_fingerprint to accept hash function

This commit is contained in:
Tatsuhiro Tsujikawa 2017-10-31 21:28:16 +09:00
parent 77a41756db
commit 7008afd40e
4 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/shrpx_log.cc
View File

@ -544,7 +544,8 @@ void upstream_accesslog(const std::vector<LogFragment> &lfv,
break;
}
std::array<uint8_t, 32> buf;
auto len = tls::get_x509_fingerprint(buf.data(), buf.size(), x);
auto len =
tls::get_x509_fingerprint(buf.data(), buf.size(), x, EVP_sha256());
X509_free(x);
if (len <= 0) {
std::tie(p, last) = copy('-', p, last);

3
src/shrpx_mruby_module_env.cc
View File

@ -160,7 +160,8 @@ mrb_value env_get_tls_client_fingerprint(mrb_state *mrb, mrb_value self) {
// Fingerprint is SHA-256, so we need 32 bytes buffer.
std::array<uint8_t, 32> buf;
auto slen = tls::get_x509_fingerprint(buf.data(), buf.size(), x);
auto slen =
tls::get_x509_fingerprint(buf.data(), buf.size(), x, EVP_sha256());
X509_free(x);
if (slen == -1) {
mrb_raise(mrb, E_RUNTIME_ERROR, "could not compute client fingerprint");

6
src/shrpx_tls.cc
View File

@ -1920,10 +1920,10 @@ int verify_ocsp_response(SSL_CTX *ssl_ctx, const uint8_t *ocsp_resp,
return 0;
}
ssize_t get_x509_fingerprint(uint8_t *dst, size_t dstlen, X509 *x) {
assert(dstlen >= 32);
ssize_t get_x509_fingerprint(uint8_t *dst, size_t dstlen, const X509 *x,
const EVP_MD *md) {
unsigned int len = dstlen;
if (X509_digest(x, EVP_sha256(), dst, &len) != 1) {
if (X509_digest(x, md, dst, &len) != 1) {
return -1;
}
return len;

10
src/shrpx_tls.h
View File

@ -269,10 +269,12 @@ int proto_version_from_string(const StringRef &v);
int verify_ocsp_response(SSL_CTX *ssl_ctx, const uint8_t *ocsp_resp,
size_t ocsp_resplen);
// Stores SHA-256 fingerprint of |x| in |dst| of length |dstlen|.
// |dstlen| must be larger than 32 bytes. This function returns the
// number of bytes written in |dst|, or -1.
ssize_t get_x509_fingerprint(uint8_t *dst, size_t dstlen, X509 *x);
// Stores fingerprint of |x| in |dst| of length |dstlen|. |md|
// specifies hash function to use, and |dstlen| must be large enough
// to include hash value (e.g., 32 bytes for SHA-256). This function
// returns the number of bytes written in |dst|, or -1.
ssize_t get_x509_fingerprint(uint8_t *dst, size_t dstlen, const X509 *x,
const EVP_MD *md);
// Returns subject name of |x|. If this function fails to get subject
// name, it returns an empty string.