Commit ca75ecd0 authored by William A. Rowe Jr's avatar William A. Rowe Jr

This patch eliminates the direct use of OS library calls (fopen and
other deprecated Apache 1.3 library utilities) from ssl_engine_pphrase.c
and ssl_util_ssl.c.

Submitted by:	Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89818 13f79535-47bb-0310-9956-ffa450edef68
parent 48ef3022
+24 −28
@@ -63,6 +63,21 @@
                                           -- Clifford Stoll     */
#include "mod_ssl.h"

/*
 * Return true if the named file exists and is readable
 */

static apr_status_t exists_and_readable(char *fname, apr_pool_t *pool)
{
    apr_finfo_t sbuf;

    if ( apr_stat(&sbuf, fname, APR_FINFO_NORM, pool) != APR_SUCCESS )
        return APR_ENOSTAT;

    return ( ((sbuf.filetype == APR_REG) && (sbuf.protection & APR_UREAD)) ?
                   APR_SUCCESS : APR_EGENERAL);
}

/*  _________________________________________________________________
**
**  Pass Phrase and Private Key Handling
@@ -84,7 +99,6 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
    ssl_asn1_t *asn1;
    unsigned char *ucp;
    X509 *pX509Cert;
    FILE *fp;
    BOOL bReadable;
    ssl_ds_array *aPassPhrase;
    int nPassPhrase;
@@ -136,25 +150,16 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
        for (i = 0, j = 0; i < SSL_AIDX_MAX && sc->szPublicCertFile[i] != NULL; i++) {

            apr_cpystrn(szPath, sc->szPublicCertFile[i], sizeof(szPath));
#if 0 /* XXX */
            if ((fp = ap_pfopen(p, szPath, "r")) == NULL) {
#else
            if ((fp = fopen(szPath, "r")) == NULL) {
#endif
            if ( exists_and_readable(szPath, p) != APR_SUCCESS ) {
                ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
                        "Init: Can't open server certificate file %s", szPath);
                ssl_die();
            }
            if ((pX509Cert = SSL_read_X509(fp, NULL, NULL)) == NULL) {
            if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
                ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
                        "Init: Unable to read server certificate from file %s", szPath);
                ssl_die();
            }
#if 0 /* XXX */
            ap_pfclose(p, fp);
#else
            fclose(fp);
#endif

            /*
             * check algorithm type of certificate and make
@@ -236,23 +241,14 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                 * the callback function which serves the pass
                 * phrases to OpenSSL
                 */
#if 0 /* XXX */
                if ((fp = ap_pfopen(p, szPath, "r")) == NULL) {
#else
                if ((fp = fopen(szPath, "r")) == NULL) {
#endif
                if ( exists_and_readable(szPath, p) != APR_SUCCESS ) {
                     ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
                         "Init: Can't open server private key file %s",szPath);
                     ssl_die();
                }
                cpPassPhraseCur = NULL;
                bReadable = ((pPrivateKey = SSL_read_PrivateKey(fp, NULL,
                bReadable = ((pPrivateKey = SSL_read_PrivateKey(szPath, NULL,
                            ssl_pphrase_Handle_CB, s)) != NULL ? TRUE : FALSE);
#if 0 /* XXX */
                ap_pfclose(p, fp);
#else
                fclose(fp);
#endif
  
                /*
                 * when the private key file now was readable,
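Review bot: `exists_and_readable` tests the owner-read bit (`sbuf.protection & APR_UREAD`) rather than whether this process can read the file, so a certificate readable only via group/other permissions is rejected here, while a file owned by another user with owner-read set passes the check and then fails inside SSL_read_X509 (which also re-opens the path, so the stat result can be stale by then). It is best regarded as an early, friendlier diagnostic, and its own status should be logged instead of relying on `SSL_ADD_ERRNO`: the function reports failure through its apr_status_t return and returns APR_EGENERAL without touching errno, so the "Can't open" message may carry an unrelated errno text; the same applies to the private-key check in the last hunk. Since `fname` is never written, the signature should be `static apr_status_t exists_and_readable(const char *fname, apr_pool_t *pool)`. ssl_pphrase_Handle starts before and continues after these hunks.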
+24 −30
@@ -95,24 +95,23 @@ void SSL_set_app_data2(SSL *ssl, void *arg)
**  _________________________________________________________________
*/

X509 *SSL_read_X509(FILE *fp, X509 **x509, int (*cb)(char*,int,int,void*))
X509 *SSL_read_X509(char* filename, X509 **x509, int (*cb)(char*,int,int,void*))
{
    X509 *rc;
    BIO *bioS;
    BIO *bioF;

    /* 1. try PEM (= DER+Base64+headers) */
#if SSL_LIBRARY_VERSION < 0x00904000
    rc = PEM_read_X509(fp, x509, cb);
#else
    rc = PEM_read_X509(fp, x509, cb, NULL);
#endif
       if ((bioS=BIO_new_file(filename, "r")) == NULL)
               return NULL;
       rc=PEM_read_bio_X509 (bioS, x509, cb, NULL);
       BIO_free(bioS);

    if (rc == NULL) {
        /* 2. try DER+Base64 */
        fseek(fp, 0L, SEEK_SET);
        if ((bioS = BIO_new(BIO_s_fd())) == NULL)
               if ((bioS=BIO_new_file(filename, "r")) == NULL)
                       return NULL;
        BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
                      
               if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
            BIO_free(bioS);
            return NULL;
@@ -122,10 +121,8 @@ X509 *SSL_read_X509(FILE *fp, X509 **x509, int (*cb)(char*,int,int,void*))
        BIO_free_all(bioS);
        if (rc == NULL) {
            /* 3. try plain DER */
            fseek(fp, 0L, SEEK_SET);
            if ((bioS = BIO_new(BIO_s_fd())) == NULL)
                       if ((bioS=BIO_new_file(filename, "r")) == NULL)
                               return NULL;
            BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
            rc = d2i_X509_bio(bioS, NULL);
            BIO_free(bioS);
        }
@@ -148,24 +145,23 @@ static EVP_PKEY *d2i_PrivateKey_bio(BIO *bio, EVP_PKEY **key)
}
#endif

EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int (*cb)(char*,int,int,void*), void *s)
EVP_PKEY *SSL_read_PrivateKey(char* filename, EVP_PKEY **key, int (*cb)(char*,int,int,void*), void *s)
{
    EVP_PKEY *rc;
    BIO *bioS;
    BIO *bioF;

    /* 1. try PEM (= DER+Base64+headers) */
#if SSL_LIBRARY_VERSION < 0x00904000
    rc = PEM_read_PrivateKey(fp, key, cb);
#else
    rc = PEM_read_PrivateKey(fp, key, cb, s);
#endif
       if ((bioS=BIO_new_file(filename, "r")) == NULL)
               return NULL;
       rc = PEM_read_bio_PrivateKey(bioS, key, cb, s);
       BIO_free(bioS);

    if (rc == NULL) {
        /* 2. try DER+Base64 */
        fseek(fp, 0L, SEEK_SET);
        if ((bioS = BIO_new(BIO_s_fd())) == NULL)
               if ( (bioS = BIO_new_file(filename, "r")) == NULL )
                       return NULL;
        BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);

               if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
            BIO_free(bioS);
            return NULL;
@@ -175,10 +171,8 @@ EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int (*cb)(char*,int,int,
        BIO_free_all(bioS);
        if (rc == NULL) {
            /* 3. try plain DER */
            fseek(fp, 0L, SEEK_SET);
            if ((bioS = BIO_new(BIO_s_fd())) == NULL)
                       if ( (bioS = BIO_new_file(filename, "r")) == NULL )
                               return NULL;
            BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
            rc = d2i_PrivateKey_bio(bioS, NULL);
            BIO_free(bioS);
        }
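Review bot: `filename` is only ever handed to BIO_new_file, which takes a `const char *`, so the new signatures should be `X509 *SSL_read_X509(const char *filename, X509 **x509, int (*cb)(char*,int,int,void*))` and `EVP_PKEY *SSL_read_PrivateKey(const char *filename, EVP_PKEY **key, int (*cb)(char*,int,int,void*), void *s)`, with the two prototypes in the header section below changed to match. Dropping the `#if SSL_LIBRARY_VERSION < 0x00904000` branch and calling the four-argument PEM_read_bio_* unconditionally silently raises the minimum OpenSSL version; if that is intended it deserves a line in the commit message. Replacing the single fopen plus fseek with a fresh BIO_new_file per format attempt means steps 2 and 3 read whatever is at the path at that moment rather than the handle the PEM attempt used, which is presumably fine at startup but worth a comment such as `/* the file is re-opened for each format attempt; the path must not change during init */`. The added lines are also indented more deeply than the surrounding 4-space body, which makes the nested `if` after `if (rc == NULL) {` hard to follow; reindenting to the file's style would help. Both function bodies continue past the end of their hunks.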
+2 −2
@@ -94,8 +94,8 @@
int         SSL_get_app_data2_idx(void);
void       *SSL_get_app_data2(SSL *);
void        SSL_set_app_data2(SSL *, void *);
X509       *SSL_read_X509(FILE *, X509 **, int (*)(char*,int,int,void*));
EVP_PKEY   *SSL_read_PrivateKey(FILE *, EVP_PKEY **, int (*)(char*,int,int,void*), void *);
X509       *SSL_read_X509(char *, X509 **, int (*)(char*,int,int,void*));
EVP_PKEY   *SSL_read_PrivateKey(char *, EVP_PKEY **, int (*)(char*,int,int,void*), void *);
int         SSL_smart_shutdown(SSL *ssl);
X509_STORE *SSL_X509_STORE_create(char *, char *);
int         SSL_X509_STORE_lookup(X509_STORE *, int, X509_NAME *, X509_OBJECT *);