From: Yann Ylavic <ylavic@apache.org>
Date: Fri, 24 Apr 2020 17:14:21 +0000 (+0000)
Subject: mod_ssl: follow up to r1876934: wrap DH_bits()
X-Git-Tag: 2.5.0-alpha2-ci-test-only~1489
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=822785094fe21fa22173c6b58739535200432834;p=thirdparty%2Fapache%2Fhttpd.git

mod_ssl: follow up to r1876934: wrap DH_bits()

DH_get0_p() seems to be undefined for some openssl versions, so it can't
be used to implement DH_bits() generically.

Add new a modssl_DH_bits() wrapper to call DH_bits() for openssl < 3,
and BN_num_bits(DH_get0_p(dh)) otherwise.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876938 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index b48ff73009a..5fc25881c4b 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1322,6 +1322,15 @@ static int ssl_no_passwd_prompt_cb(char *buf, int size, int rwflag,
    return 0;
 }
 
+static APR_INLINE int modssl_DH_bits(DH *dh)
+{
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    return DH_bits(dh);
+#else
+    return BN_num_bits(DH_get0_p(dh));
+#endif
+}
+
 static apr_status_t ssl_init_server_certs(server_rec *s,
                                           apr_pool_t *p,
                                           apr_pool_t *ptemp,
@@ -1521,7 +1530,7 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
         SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dh);
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540)
                      "Custom DH parameters (%d bits) for %s loaded from %s",
-                     BN_num_bits(DH_get0_p(dh)), vhost_id, certfile);
+                     modssl_DH_bits(dh), vhost_id, certfile);
         DH_free(dh);
     }