Commit 21cf783b authored by Ralf S. Engelschall's avatar Ralf S. Engelschall

Port ssl_util.c stuff to APR.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89031 13f79535-47bb-0310-9956-ffa450edef68
parent 520612ff
+1 −0
@@ -165,4 +165,5 @@
   ssl_var_unregister();
   ssl_ext_unregister();
   ssl_io_unregister();
 o We certainly need CRYPTO_set_locking_callback() now also under Unix!
+23 −14
@@ -125,6 +125,7 @@
#include "scoreboard.h"
#include "util_md5.h"
#include "apr.h"
#include "apr_lib.h"
#include "apr_fnmatch.h"
#include "apr_strings.h"
#include "apr_pools.h"
@@ -196,11 +197,15 @@
#define cfgMergeString(el)  cfgMerge(el, NULL)
#define cfgMergeBool(el)    cfgMerge(el, UNSET)
#define cfgMergeInt(el)     cfgMerge(el, UNSET)
#endif /* XXX */

#if 0 /* XXX */
#define myModConfig()    (SSLModConfigRec *)ap_ctx_get(ap_global_ctx, "ssl_module")
#endif /* XXX */
#define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config,  &ssl_module)
#define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module)

#if 0 /* XXX */
#define myCtxVarSet(mc,num,val)  mc->rCtx.pV##num = val
#define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num)
#endif /* XXX */
@@ -280,8 +285,6 @@ typedef struct {
 * Define the certificate algorithm types
 */

#if 0 /* XXX */

typedef int ssl_algo_t;

#define SSL_ALGO_UNKNOWN (0)
@@ -293,6 +296,8 @@ typedef int ssl_algo_t;
#define SSL_AIDX_DSA     (1)
#define SSL_AIDX_MAX     (2)

#if 0 /* XXX */

/*
 * Define IDs for the temporary RSA keys and DH params
 */
@@ -350,6 +355,7 @@ typedef enum {
    SSL_PPTYPE_BUILTIN = 0,
    SSL_PPTYPE_FILTER  = 1
} ssl_pphrase_t;
#endif /* XXX */

/*
 * Define the Path Checking modes
@@ -360,6 +366,8 @@ typedef enum {
#define SSL_PCM_ISNONZERO  8
typedef unsigned int ssl_pathcheck_t;

#if 0 /* XXX */

/*
 * Define the SSL session cache modes and structures
 */
@@ -453,8 +461,10 @@ typedef struct {
 * (i.e. the configuration for the main server
 *  and all <VirtualHost> contexts)
 */
#endif /* XXX */
typedef struct {
    BOOL         bEnabled;
#if 0 /* XXX */
    char        *szPublicCertFile[SSL_AIDX_MAX];
    char        *szPrivateKeyFile[SSL_AIDX_MAX];
    char        *szCertificateChain;
@@ -489,8 +499,10 @@ typedef struct {
    SSL_CTX     *pSSLProxyCtx;
    STACK_OF(X509_INFO) *skProxyClientCerts;
#endif
#endif /* XXX */
} SSLSrvConfigRec;

#if 0 /* XXX */
/*
 * Define the mod_ssl per-directory configuration structure
 * (i.e. the local configuration for all <Directory>
@@ -513,16 +525,14 @@ typedef struct {
#endif
#endif /* XXX */
} SSLDirConfigRec;
#if 0 /* XXX */

/*
 *  function prototypes
 */

/*  API glue structures  */
extern module MODULE_VAR_EXPORT ssl_module;
extern module AP_MODULE_DECLARE_DATA ssl_module;

#endif /* XXX */
/*  configuration handling   */
void         ssl_config_global_create(void);
void         ssl_config_global_fix(void);
@@ -686,21 +696,20 @@ int ssl_rand_seed(server_rec *, pool *, ssl_rsctx_t, char *);
void         ssl_ext_register(void);
void         ssl_ext_unregister(void);

#endif /* XXX */

/*  Utility Functions  */
char        *ssl_util_vhostid(pool *, server_rec *);
char        *ssl_util_vhostid(apr_pool_t *, server_rec *);
void         ssl_util_strupper(char *);
void         ssl_util_uuencode(char *, const char *, BOOL);
void         ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL);
FILE        *ssl_util_ppopen(server_rec *, pool *, char *);
int          ssl_util_ppopen_child(void *, child_info *);
void         ssl_util_ppclose(server_rec *, pool *, FILE *);
char        *ssl_util_readfilter(server_rec *, pool *, char *);
BOOL         ssl_util_path_check(ssl_pathcheck_t, char *);
apr_file_t  *ssl_util_ppopen(server_rec *, apr_pool_t *, char *);
void         ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
char        *ssl_util_readfilter(server_rec *, apr_pool_t *, char *);
BOOL         ssl_util_path_check(ssl_pathcheck_t, char *, apr_pool_t *);
ssl_algo_t   ssl_util_algotypeof(X509 *, EVP_PKEY *); 
char        *ssl_util_algotypestr(ssl_algo_t);
char        *ssl_util_ptxtsub(pool *, const char *, const char *, char *);
char        *ssl_util_ptxtsub(apr_pool_t *, const char *, const char *, char *);
void         ssl_util_thread_setup(void);

#endif /* XXX */

#endif /* __MOD_SSL_H__ */
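Review bot: The reworked prototypes in the last hunk keep the path and command arguments as plain `char *` although the APR calls the new implementations hand them to (apr_stat, apr_proc_create) take `const char *`, so `BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);` and `apr_file_t *ssl_util_ppopen(server_rec *, apr_pool_t *, const char *);` would let callers pass literals and const config fields without casts. The `apr_file_t *` that ssl_util_ppopen now returns has no stated owner; a one-line comment above the prototype, `/* returns the child's stdout pipe; release it with ssl_util_ppclose() */`, would record the pairing the header implies. Any prototype change has to be mirrored in the definitions in ssl_util.c within the same commit.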
+13 −13
@@ -358,7 +358,7 @@ const char *ssl_cmd_SSLPassPhraseDialog(
    else if (strlen(arg) > 5 && strEQn(arg, "exec:", 5)) {
        sc->nPassPhraseDialogType  = SSL_PPTYPE_FILTER;
        sc->szPassPhraseDialogPath = ap_server_root_relative(cmd->pool, "dialog", arg+5);
        if (!ssl_util_path_check(SSL_PCM_EXISTS, sc->szPassPhraseDialogPath))
        if (!ssl_util_path_check(SSL_PCM_EXISTS, sc->szPassPhraseDialogPath, cmd->pool))
            return ap_pstrcat(cmd->pool, "SSLPassPhraseDialog: file '",
                              sc->szPassPhraseDialogPath, "' not exists", NULL);
    }
@@ -445,7 +445,7 @@ const char *ssl_cmd_SSLRandomSeed(
        pRS->cpPath = ap_pstrdup(mc->pPool, ap_server_root_relative(cmd->pool, "random", arg2));
    }
    if (pRS->nSrc != SSL_RSSRC_BUILTIN)
        if (!ssl_util_path_check(SSL_PCM_EXISTS, pRS->cpPath))
        if (!ssl_util_path_check(SSL_PCM_EXISTS, pRS->cpPath, cmd->pool))
            return ap_pstrcat(cmd->pool, "SSLRandomSeed: source path '",
                              pRS->cpPath, "' not exists", NULL);
    if (arg3 == NULL)
@@ -496,7 +496,7 @@ const char *ssl_cmd_SSLCertificateFile(
    int i;

    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
        return ap_pstrcat(cmd->pool, "SSLCertificateFile: file '",
                          cpPath, "' not exists or empty", NULL);
    for (i = 0; i < SSL_AIDX_MAX && sc->szPublicCertFile[i] != NULL; i++)
@@ -519,7 +519,7 @@ const char *ssl_cmd_SSLCertificateKeyFile(
    int i;

    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
        return ap_pstrcat(cmd->pool, "SSLCertificateKeyFile: file '",
                          cpPath, "' not exists or empty", NULL);
    for (i = 0; i < SSL_AIDX_MAX && sc->szPrivateKeyFile[i] != NULL; i++)
@@ -541,7 +541,7 @@ const char *ssl_cmd_SSLCertificateChainFile(
    char *cpPath;

    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
        return ap_pstrcat(cmd->pool, "SSLCertificateChainFile: file '",
                          cpPath, "' not exists or empty", NULL);
    sc->szCertificateChain = cpPath;
@@ -557,7 +557,7 @@ const char *ssl_cmd_SSLCACertificatePath(
    char *cpPath;

    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool))
        return ap_pstrcat(cmd->pool, "SSLCACertificatePath: directory '",
                          cpPath, "' not exists", NULL);
#ifdef SSL_EXPERIMENTAL_PERDIRCA
@@ -580,7 +580,7 @@ const char *ssl_cmd_SSLCACertificateFile(
    char *cpPath;

    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
        return ap_pstrcat(cmd->pool, "SSLCACertificateFile: file '",
                          cpPath, "' not exists or empty", NULL);
#ifdef SSL_EXPERIMENTAL_PERDIRCA
@@ -603,7 +603,7 @@ const char *ssl_cmd_SSLCARevocationPath(
    char *cpPath;

    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool))
        return ap_pstrcat(cmd->pool, "SSLCARecocationPath: directory '",
                          cpPath, "' not exists", NULL);
    sc->szCARevocationPath = cpPath;
@@ -619,7 +619,7 @@ const char *ssl_cmd_SSLCARevocationFile(
    char *cpPath;

    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
        return ap_pstrcat(cmd->pool, "SSLCARevocationFile: file '",
                          cpPath, "' not exists or empty", NULL);
    sc->szCARevocationFile = cpPath;
@@ -1011,7 +1011,7 @@ const char *ssl_cmd_SSLProxyCACertificateFile(
    char *cpPath;

    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
        return ap_pstrcat(cmd->pool, "SSLProxyCACertificateFile: file '",
                          cpPath, "' not exists or empty", NULL);
    sc->szProxyCACertificateFile = cpPath;
@@ -1027,7 +1027,7 @@ const char *ssl_cmd_SSLProxyCACertificatePath(
    char *cpPath;

    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool))
        return ap_pstrcat(cmd->pool, "SSLProxyCACertificatePath: directory '",
                          cpPath, "' does not exists", NULL);
    sc->szProxyCACertificatePath = cpPath;
@@ -1043,7 +1043,7 @@ const char *ssl_cmd_SSLProxyMachineCertificateFile(
    char *cpPath;

    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
        return ap_pstrcat(cmd->pool, "SSLProxyMachineCertFile: file '",
                          cpPath, "' not exists or empty", NULL);
    sc->szProxyClientCertificateFile = cpPath;
@@ -1059,7 +1059,7 @@ const char *ssl_cmd_SSLProxyMachineCertificatePath(
    char *cpPath;

    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool))
        return ap_pstrcat(cmd->pool, "SSLProxyMachineCertPath: directory '",
                          cpPath, "' does not exists", NULL);
    sc->szProxyClientCertificatePath = cpPath;
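Review bot: The SSLPassPhraseDialog `exec:` branch in the first hunk still checks only SSL_PCM_EXISTS for a path that is presumably executed later as a filter program (via ssl_util_readfilter), so a directory or an empty file passes the configuration check and fails only at start-up when a pass phrase is needed; the certificate directives in the later hunks already use the stricter mode, and this call could match them: `if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, sc->szPassPhraseDialogPath, cmd->pool))`. SSLRandomSeed is the exception, since a seed source may be a device rather than a regular file. All of these are parse-time presence checks, and a short comment at the first call site, `/* presence check at config time only; the file is opened again at runtime */`, would make that explicit for the reader. Every enclosing ssl_cmd_* function starts outside its hunk.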
+1 −3
@@ -270,12 +270,10 @@ void ssl_init_Module(server_rec *s, pool *p)
 */
void ssl_init_SSLLibrary(void)
{
#ifdef WIN32
    CRYPTO_malloc_init();
#endif
    SSL_load_error_strings();
    SSL_library_init();
    ssl_util_thread_setup();
    /* XXX CRYPTO_set_locking_callback(); */
    X509V3_add_standard_extensions();
    return;
}
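Review bot: The replacement comment `/* XXX CRYPTO_set_locking_callback(); */` records that no locking callback is installed, but not what that costs: under a threaded MPM OpenSSL's internal shared state is then used without any locking, which is a data race rather than a cosmetic TODO (the TODO entry added in this commit says as much). A comment that names the consequence, such as `/* XXX: no CRYPTO_set_locking_callback()/CRYPTO_set_id_callback() yet -- OpenSSL is not thread-safe under threaded MPMs until these are wired to APR locks */`, keeps the gap visible to whoever ports ssl_util_thread_setup. The ssl_util.c hunk of this commit drops the WIN32 mutex setup (win32_locking_callback), so this comment is now the only trace of that coverage anywhere in the tree.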
+37 −85
@@ -63,15 +63,13 @@
                                            -- Calvin          */
#include "mod_ssl.h"

#if 0 /* XXX */

/*  _________________________________________________________________
**
**  Utility Functions
**  _________________________________________________________________
*/

char *ssl_util_vhostid(pool *p, server_rec *s)
char *ssl_util_vhostid(apr_pool_t *p, server_rec *s)
{
    char *id;
    SSLSrvConfigRec *sc;
@@ -88,14 +86,14 @@ char *ssl_util_vhostid(pool *p, server_rec *s)
        else
            port = DEFAULT_HTTP_PORT;
    }
    id = ap_psprintf(p, "%s:%u", host, port);
    id = apr_psprintf(p, "%s:%u", host, port);
    return id;
}

void ssl_util_strupper(char *s)
{
    for (; *s; ++s)
        *s = toupper(*s);
        *s = apr_toupper(*s);
    return;
}

@@ -136,62 +134,49 @@ void ssl_util_uuencode_binary(
    return;
}

FILE *ssl_util_ppopen(server_rec *s, pool *p, char *cmd)
apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, char *cmd)
{
    FILE *fpout;
    int rc;
    apr_procattr_t *procattr;
    apr_proc_t *proc;

    fpout = NULL;
    rc = ap_spawn_child(p, ssl_util_ppopen_child,
                        (void *)cmd, kill_after_timeout,
                        NULL, &fpout, NULL);
    if (rc == 0 || fpout == NULL) {
        ap_log_error(APLOG_MARK, APLOG_ERR, s,
                     "ssl_util_ppopen: could not run: %s", cmd);
    if (apr_procattr_create(&procattr, p) != APR_SUCCESS) 
        return NULL;
    }
    return (fpout);
}

int ssl_util_ppopen_child(void *cmd, child_info *pinfo)
{
    int child_pid = 1;

    /*
     * Prepare for exec
     */
    ap_cleanup_for_exec();
#ifdef SIGHUP
    signal(SIGHUP, SIG_IGN);
#endif

    /*
     * Exec() the child program
     */
    execl(SHELL_PATH, SHELL_PATH, "-c", (char *)cmd, NULL);
    return (child_pid);
    if (apr_procattr_io_set(procattr, APR_FULL_BLOCK, APR_FULL_BLOCK, 
                            APR_FULL_BLOCK) != APR_SUCCESS)
        return NULL;
    if (apr_procattr_dir_set(procattr, 
                             ap_make_dirstr_parent(p, cmd)) != APR_SUCCESS)
        return NULL;
    if (apr_procattr_cmdtype_set(procattr, APR_PROGRAM) != APR_SUCCESS)
        return NULL;
    if ((proc = (apr_proc_t *)apr_pcalloc(p, sizeof(apr_proc_t))) == NULL)
        return NULL;
    if (apr_proc_create(proc, cmd, NULL, NULL, procattr, p) != APR_SUCCESS)
        return NULL;
    return proc->out;
}

void ssl_util_ppclose(server_rec *s, pool *p, FILE *fp)
void ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp)
{
    ap_pfclose(p, fp);
    apr_file_close(fp);
    return;
}

/*
 * Run a filter program and read the first line of its stdout output
 */
char *ssl_util_readfilter(server_rec *s, pool *p, char *cmd)
char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, char *cmd)
{
    static char buf[MAX_STRING_LEN];
    FILE *fp;
    apr_file_t *fp;
    apr_size_t nbytes;
    char c;
    int k;

    if ((fp = ssl_util_ppopen(s, p, cmd)) == NULL)
        return NULL;
    for (k = 0;    read(fileno(fp), &c, 1) == 1
                && (k < MAX_STRING_LEN-1)       ; ) {
    for (k = 0; apr_file_read(fp, &c, &nbytes) == APR_SUCCESS
                && nbytes == 1 && (k < MAX_STRING_LEN-1)     ; ) {
        if (c == '\n' || c == '\r')
            break;
        buf[k++] = c;
@@ -202,19 +187,20 @@ char *ssl_util_readfilter(server_rec *s, pool *p, char *cmd)
    return buf;
}

BOOL ssl_util_path_check(ssl_pathcheck_t pcm, char *path)
BOOL ssl_util_path_check(ssl_pathcheck_t pcm, char *path, apr_pool_t *p)
{
    struct stat sb;
    apr_finfo_t finfo;

    if (path == NULL)
        return FALSE;
    if (pcm & SSL_PCM_EXISTS && stat(path, &sb) != 0)
    if (pcm & SSL_PCM_EXISTS && apr_stat(&finfo, path, 
                                APR_FINFO_TYPE|APR_FINFO_SIZE, p) != 0)
        return FALSE;
    if (pcm & SSL_PCM_ISREG && !S_ISREG(sb.st_mode))
    if (pcm & SSL_PCM_ISREG && finfo.filetype != APR_REG)
        return FALSE;
    if (pcm & SSL_PCM_ISDIR && !S_ISDIR(sb.st_mode))
    if (pcm & SSL_PCM_ISDIR && finfo.filetype != APR_DIR)
        return FALSE;
    if (pcm & SSL_PCM_ISNONZERO && sb.st_mode <= 0)
    if (pcm & SSL_PCM_ISNONZERO && finfo.size <= 0)
        return FALSE;
    return TRUE;
}
@@ -260,7 +246,7 @@ char *ssl_util_algotypestr(ssl_algo_t t)
}

char *ssl_util_ptxtsub(
    pool *p, const char *cpLine, const char *cpMatch, char *cpSubst)
    apr_pool_t *p, const char *cpLine, const char *cpMatch, char *cpSubst)
{
#define MAX_PTXTSUB 100
    char *cppMatch[MAX_PTXTSUB];
@@ -299,7 +285,7 @@ char *ssl_util_ptxtsub(
    /*
     * Pass 2: allocate memory and assemble result
     */
    cpResult = ap_pcalloc(p, nResult+1);
    cpResult = apr_pcalloc(p, nResult+1);
    for (cpI = (char *)cpLine, cpO = cpResult, i = 0; cppMatch[i] != NULL; i++) {
        ap_cpystrn(cpO, cpI, cppMatch[i]-cpI+1);
        cpO += (cppMatch[i]-cpI);
@@ -307,42 +293,8 @@ char *ssl_util_ptxtsub(
        cpO += nSubst;
        cpI = (cppMatch[i]+nMatch);
    }
    ap_cpystrn(cpO, cpI, cpResult+nResult-cpO+1);
    apr_cpystrn(cpO, cpI, cpResult+nResult-cpO+1);

    return cpResult;
}
/*  _________________________________________________________________
**
**  Special Functions for Win32/OpenSSL
**  _________________________________________________________________
*/

#ifdef WIN32
static HANDLE lock_cs[CRYPTO_NUM_LOCKS];

static void win32_locking_callback(int mode, int type, char* file, int line)
{
    if (mode & CRYPTO_LOCK)
        WaitForSingleObject(lock_cs[type], INFINITE);
    else
        ReleaseMutex(lock_cs[type]);
    return;
}
#endif /* WIN32 */

void ssl_util_thread_setup(void)
{
#ifdef WIN32
    int i;

    for (i = 0; i < CRYPTO_NUM_LOCKS; i++)
        lock_cs[i] = CreateMutex(NULL, FALSE, NULL);
    CRYPTO_set_locking_callback((void(*)(int, int, const char *, int))
                                win32_locking_callback);
#endif /* WIN32 */
    return;
}

#endif /* XXX */
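Review bot: In ssl_util_readfilter, `nbytes` is declared but never set before `apr_file_read(fp, &c, &nbytes)`, and apr_file_read uses `*nbytes` on entry as the number of bytes requested, so the first iteration asks for an indeterminate count into the one-byte `c` — a stack overflow as well as undefined behaviour; initialise it on every iteration: `for (k = 0, nbytes = 1; apr_file_read(fp, &c, &nbytes) == APR_SUCCESS` / `&& nbytes == 1 && (k < MAX_STRING_LEN-1); nbytes = 1) {`. ssl_util_ppopen has related problems: `apr_proc_create(proc, cmd, NULL, NULL, procattr, p)` passes no argv although APR_PROGRAM executes the program directly and needs at least argv[0] (the removed code went through the shell), all three streams are set to APR_FULL_BLOCK while only `proc->out` is returned, so the child's stdin and stderr pipes stay open in the parent and a child waiting for EOF on stdin never gets it, and nothing reaps the child because ssl_util_ppclose only closes the file. The rewrite below pipes stdout only, builds an argv, and registers the process with the pool so its cleanup kills and reaps it, as the removed `kill_after_timeout` did; the removed `ap_log_error` on failure should also come back in whatever form this tree's ap_log_error now takes. The loop in ssl_util_readfilter continues past the hunk.
```c
apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, char *cmd)
{
    apr_procattr_t *procattr;
    apr_proc_t *proc;
    const char *argv[2];

    if (apr_procattr_create(&procattr, p) != APR_SUCCESS)
        return NULL;
    /* Pipe only the child's stdout back; no pipe is created for stdin or
     * stderr, so the child cannot block on an input pipe nobody writes to. */
    if (apr_procattr_io_set(procattr, APR_NO_PIPE, APR_FULL_BLOCK,
                            APR_NO_PIPE) != APR_SUCCESS)
        return NULL;
    /* … unchanged: apr_procattr_dir_set / apr_procattr_cmdtype_set … */
    if ((proc = apr_pcalloc(p, sizeof(*proc))) == NULL)
        return NULL;
    /* APR_PROGRAM executes cmd directly, so it needs an explicit argv. */
    argv[0] = cmd;
    argv[1] = NULL;
    if (apr_proc_create(proc, cmd, argv, NULL, procattr, p) != APR_SUCCESS)
        return NULL;
    /* ssl_util_ppclose only closes the pipe; let the pool cleanup kill and
     * reap the child so no zombie is left behind. */
    apr_pool_note_subprocess(p, proc, APR_KILL_AFTER_TIMEOUT);
    return proc->out;
}
```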