Posted to cvs@httpd.apache.org by ic...@apache.org on 2021/11/03 14:29:14 UTC
svn commit: r1894718 - in /httpd/httpd/trunk: modules/md/md_crypt.c
test/modules/md/
Author: icing
Date: Wed Nov 3 14:29:14 2021
New Revision: 1894718
URL: http://svn.apache.org/viewvc?rev=1894718&view=rev
Log:
* mod_md: generate EC private keys via a separate code path on
OpenSSL 3.0, since the previous code does not work with it. The old
code is kept for known interop with other *SSL libs.
Modified:
httpd/httpd/trunk/modules/md/md_crypt.c
httpd/httpd/trunk/test/modules/md/ (props changed)
Modified: httpd/httpd/trunk/modules/md/md_crypt.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_crypt.c?rev=1894718&r1=1894717&r2=1894718&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/md_crypt.c (original)
+++ httpd/httpd/trunk/modules/md/md_crypt.c Wed Nov 3 14:29:14 2021
@@ -787,21 +787,25 @@ static apr_status_t gen_ec(md_pkey_t **p
#ifdef NID_secp384r1
if (NID_undef == curve_nid && !apr_strnatcasecmp("secp384r1", curve)) {
curve_nid = NID_secp384r1;
+ curve = EC_curve_nid2nist(curve_nid);
}
#endif
#ifdef NID_X9_62_prime256v1
if (NID_undef == curve_nid && !apr_strnatcasecmp("secp256r1", curve)) {
curve_nid = NID_X9_62_prime256v1;
+ curve = EC_curve_nid2nist(curve_nid);
}
#endif
#ifdef NID_X9_62_prime192v1
if (NID_undef == curve_nid && !apr_strnatcasecmp("secp192r1", curve)) {
curve_nid = NID_X9_62_prime192v1;
+ curve = EC_curve_nid2nist(curve_nid);
}
#endif
#if defined(NID_X25519) && !defined(LIBRESSL_VERSION_NUMBER)
if (NID_undef == curve_nid && !apr_strnatcasecmp("X25519", curve)) {
curve_nid = NID_X25519;
+ curve = EC_curve_nid2nist(curve_nid);
}
#endif
if (NID_undef == curve_nid) {
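Review bot: In the X25519 branch, `curve = EC_curve_nid2nist(curve_nid);` can set `curve` to NULL, because EC_curve_nid2nist() only maps the NIST B-/K-/P- curves and returns NULL for any other NID. `curve` is later handed to `%s` in the "error generate EC key for group" log line, so a NULL would surface far from its cause; X25519 appears to have its own case outside this hunk, so how far the NULL travels cannot be confirmed from here. Either drop the assignment from the X25519 branch or keep the configured name when no NIST alias exists, e.g. `if (EC_curve_nid2nist(curve_nid)) curve = EC_curve_nid2nist(curve_nid);`. gen_ec's body starts and ends outside the hunk.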
@@ -845,6 +849,7 @@ static apr_status_t gen_ec(md_pkey_t **p
#endif
default:
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
if (APR_SUCCESS != (rv = check_EC_curve(curve_nid, p))) goto leave;
if (NULL == (ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
|| EVP_PKEY_paramgen_init(ctx) <= 0
@@ -856,6 +861,17 @@ static apr_status_t gen_ec(md_pkey_t **p
"error generate EC key for group: %s", curve);
rv = APR_EGENERAL; goto leave;
}
+#else
+ if (APR_SUCCESS != (rv = check_EC_curve(curve_nid, p))) goto leave;
+ if (NULL == (ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
+ || EVP_PKEY_keygen_init(ctx) <= 0
+ || EVP_PKEY_CTX_ctrl_str(ctx, "ec_paramgen_curve", curve) <= 0
+ || EVP_PKEY_keygen(ctx, &(*ppkey)->pkey) <= 0) {
+ md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, 0, p,
+ "error generate EC key for group: %s", curve);
+ rv = APR_EGENERAL; goto leave;
+ }
+#endif
rv = APR_SUCCESS;
break;
}
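Review bot: The new `#else` branch validates `curve_nid` with check_EC_curve() but then selects the group from the string, `EVP_PKEY_CTX_ctrl_str(ctx, "ec_paramgen_curve", curve)`, so the curve that was checked and the curve that is generated are linked only by the name rewrite earlier in the function. Passing the NID itself, `|| EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, curve_nid) <= 0`, keeps the two in step and does not depend on `curve` being a non-NULL name that OpenSSL resolves to the same group. The `check_EC_curve` line is now duplicated in both preprocessor branches and could sit once above the `#if`. The enclosing switch and the `leave:` cleanup are outside the hunk.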
Propchange: httpd/httpd/trunk/test/modules/md/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Wed Nov 3 14:29:14 2021
@@ -0,0 +1 @@
+.pytest_cache