Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

TLS-SCT: compile on old versions of OpenSSL (1.0.1...)

Browse source
This commit is contained in:
Johanna Amann 2017-03-27 20:13:12 +00:00
parent aec62aeee9
commit b8e81029f8
1 changed files with 12 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/file_analysis/analyzer/x509/functions.bif
View file

@ -600,14 +600,14 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
{
x = X509_dup(x);
assert(x);
#ifdef NID_ct_precert_scts
#ifdef NID_ct_precert_scts
int pos = X509_get_ext_by_NID(x, NID_ct_precert_scts, -1);
if ( pos < 0 )
{
reporter->Error("NID_ct_precert_scts not found");
return new Val(0, TYPE_BOOL);
}
#else
#else
int num_ext = X509_get_ext_count(x);
int pos = -1;
for ( int k = 0; k < num_ext; ++k )
@ -622,9 +622,11 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
break;
}
}
#endif
#endif
X509_EXTENSION_free(X509_delete_ext(x, pos));
#ifdef NID_ct_precert_scts
assert( X509_get_ext_by_NID(x, NID_ct_precert_scts, -1) == -1 );
#endif
}
unsigned char *cert_out = nullptr;
@ -684,7 +686,14 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
goto sct_verify_err;
}
#ifdef NID_ct_precert_scts
success = EVP_DigestVerifyFinal(mdctx, signature->Bytes(), signature->Len());
#else
// older versions of OpenSSL use a non-const-char *sigh*
// I don't think they actually manipulate the value though.
// todo - this needs a cmake test
success = EVP_DigestVerifyFinal(mdctx, (unsigned char*) signature->Bytes(), signature->Len());
#endif
EVP_MD_CTX_destroy(mdctx);
return new Val(success, TYPE_BOOL);