walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Refactor get_x509_fingerprint to accept hash function

This commit is contained in:
Tatsuhiro Tsujikawa 2017-10-31 21:28:16 +09:00
parent 77a41756db
commit 7008afd40e
4 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/shrpx_log.cc
View File

@ -544,7 +544,8 @@ void upstream_accesslog(const std::vector<LogFragment> &lfv,
break; break;
} }
std::array<uint8_t, 32> buf; std::array<uint8_t, 32> buf;
auto len = tls::get_x509_fingerprint(buf.data(), buf.size(), x); auto len =
tls::get_x509_fingerprint(buf.data(), buf.size(), x, EVP_sha256());
X509_free(x); X509_free(x);
if (len <= 0) { if (len <= 0) {
std::tie(p, last) = copy('-', p, last); std::tie(p, last) = copy('-', p, last);

3
src/shrpx_mruby_module_env.cc
View File

@ -160,7 +160,8 @@ mrb_value env_get_tls_client_fingerprint(mrb_state *mrb, mrb_value self) {
// Fingerprint is SHA-256, so we need 32 bytes buffer. // Fingerprint is SHA-256, so we need 32 bytes buffer.
std::array<uint8_t, 32> buf; std::array<uint8_t, 32> buf;
auto slen = tls::get_x509_fingerprint(buf.data(), buf.size(), x); auto slen =
tls::get_x509_fingerprint(buf.data(), buf.size(), x, EVP_sha256());
X509_free(x); X509_free(x);
if (slen == -1) { if (slen == -1) {
mrb_raise(mrb, E_RUNTIME_ERROR, "could not compute client fingerprint"); mrb_raise(mrb, E_RUNTIME_ERROR, "could not compute client fingerprint");

6
src/shrpx_tls.cc
View File

@ -1920,10 +1920,10 @@ int verify_ocsp_response(SSL_CTX *ssl_ctx, const uint8_t *ocsp_resp,
return 0; return 0;
} }
ssize_t get_x509_fingerprint(uint8_t *dst, size_t dstlen, X509 *x) { ssize_t get_x509_fingerprint(uint8_t *dst, size_t dstlen, const X509 *x,
assert(dstlen >= 32); const EVP_MD *md) {
unsigned int len = dstlen; unsigned int len = dstlen;
if (X509_digest(x, EVP_sha256(), dst, &len) != 1) { if (X509_digest(x, md, dst, &len) != 1) {
return -1; return -1;
} }
return len; return len;

10
src/shrpx_tls.h
View File

@ -269,10 +269,12 @@ int proto_version_from_string(const StringRef &v);
int verify_ocsp_response(SSL_CTX *ssl_ctx, const uint8_t *ocsp_resp, int verify_ocsp_response(SSL_CTX *ssl_ctx, const uint8_t *ocsp_resp,
size_t ocsp_resplen); size_t ocsp_resplen);
// Stores SHA-256 fingerprint of |x| in |dst| of length |dstlen|. // Stores fingerprint of |x| in |dst| of length |dstlen|. |md|
// |dstlen| must be larger than 32 bytes. This function returns the // specifies hash function to use, and |dstlen| must be large enough
// number of bytes written in |dst|, or -1. // to include hash value (e.g., 32 bytes for SHA-256). This function
ssize_t get_x509_fingerprint(uint8_t *dst, size_t dstlen, X509 *x); // returns the number of bytes written in |dst|, or -1.
ssize_t get_x509_fingerprint(uint8_t *dst, size_t dstlen, const X509 *x,
const EVP_MD *md);
// Returns subject name of |x|. If this function fails to get subject // Returns subject name of |x|. If this function fails to get subject
// name, it returns an empty string. // name, it returns an empty string.