From 867d08ac13241b8cee79fd318f4ba4db4467018b Mon Sep 17 00:00:00 2001 From: "Ralf S. Engelschall" Date: Sat, 5 May 2001 21:02:22 +0000 Subject: [PATCH] Port ssl_util.c stuff to APR. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89031 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ssl/README | 1 + modules/ssl/mod_ssl.h | 37 ++++++---- modules/ssl/ssl_engine_config.c | 26 +++---- modules/ssl/ssl_engine_init.c | 4 +- modules/ssl/ssl_util.c | 122 ++++++++++---------------------- 5 files changed, 75 insertions(+), 115 deletions(-) diff --git a/modules/ssl/README b/modules/ssl/README index 3ece2849da..4f2f61e504 100644 --- a/modules/ssl/README +++ b/modules/ssl/README @@ -165,4 +165,5 @@ ssl_var_unregister(); ssl_ext_unregister(); ssl_io_unregister(); + o We certainly need CRYPTO_set_locking_callback() now also under Unix! diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h index 224ed63452..26ce020d55 100644 --- a/modules/ssl/mod_ssl.h +++ b/modules/ssl/mod_ssl.h @@ -125,6 +125,7 @@ #include "scoreboard.h" #include "util_md5.h" #include "apr.h" +#include "apr_lib.h" #include "apr_fnmatch.h" #include "apr_strings.h" #include "apr_pools.h" @@ -196,11 +197,15 @@ #define cfgMergeString(el) cfgMerge(el, NULL) #define cfgMergeBool(el) cfgMerge(el, UNSET) #define cfgMergeInt(el) cfgMerge(el, UNSET) +#endif /* XXX */ +#if 0 /* XXX */ #define myModConfig() (SSLModConfigRec *)ap_ctx_get(ap_global_ctx, "ssl_module") +#endif /* XXX */ #define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module) #define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module) +#if 0 /* XXX */ #define myCtxVarSet(mc,num,val) mc->rCtx.pV##num = val #define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num) #endif /* XXX */ @@ -280,8 +285,6 @@ typedef struct { * Define the certificate algorithm types */ -#if 0 /* XXX */ - typedef int ssl_algo_t; #define SSL_ALGO_UNKNOWN (0) 
@@ -293,6 +296,8 @@ typedef int ssl_algo_t; #define SSL_AIDX_DSA (1) #define SSL_AIDX_MAX (2) +#if 0 /* XXX */ + /* * Define IDs for the temporary RSA keys and DH params */ @@ -350,6 +355,7 @@ typedef enum { SSL_PPTYPE_BUILTIN = 0, SSL_PPTYPE_FILTER = 1 } ssl_pphrase_t; +#endif /* XXX */ /* * Define the Path Checking modes @@ -360,6 +366,8 @@ typedef enum { #define SSL_PCM_ISNONZERO 8 typedef unsigned int ssl_pathcheck_t; +#if 0 /* XXX */ + /* * Define the SSL session cache modes and structures */ @@ -453,8 +461,10 @@ typedef struct { * (i.e. the configuration for the main server * and all contexts) */ +#endif /* XXX */ typedef struct { BOOL bEnabled; +#if 0 /* XXX */ char *szPublicCertFile[SSL_AIDX_MAX]; char *szPrivateKeyFile[SSL_AIDX_MAX]; char *szCertificateChain; @@ -489,8 +499,10 @@ typedef struct { SSL_CTX *pSSLProxyCtx; STACK_OF(X509_INFO) *skProxyClientCerts; #endif +#endif /* XXX */ } SSLSrvConfigRec; +#if 0 /* XXX */ /* * Define the mod_ssl per-directory configuration structure * (i.e. the local configuration for all @@ -513,16 +525,14 @@ typedef struct { #endif #endif /* XXX */ } SSLDirConfigRec; -#if 0 /* XXX */ /* * function prototypes */ /* API glue structures */ -extern module MODULE_VAR_EXPORT ssl_module; +extern module AP_MODULE_DECLARE_DATA ssl_module; -#endif /* XXX */ /* configuration handling */ void ssl_config_global_create(void); void ssl_config_global_fix(void); 
@@ -686,21 +696,20 @@ int ssl_rand_seed(server_rec *, pool *, ssl_rsctx_t, char *); void ssl_ext_register(void); void ssl_ext_unregister(void); +#endif /* XXX */ + /* Utility Functions */ -char *ssl_util_vhostid(pool *, server_rec *); +char *ssl_util_vhostid(apr_pool_t *, server_rec *); void ssl_util_strupper(char *); void ssl_util_uuencode(char *, const char *, BOOL); void ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL); -FILE *ssl_util_ppopen(server_rec *, pool *, char *); -int ssl_util_ppopen_child(void *, child_info *); -void ssl_util_ppclose(server_rec *, pool *, FILE *); -char *ssl_util_readfilter(server_rec *, pool *, char *); -BOOL ssl_util_path_check(ssl_pathcheck_t, char *); +apr_file_t *ssl_util_ppopen(server_rec *, apr_pool_t *, char *); +void ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *); +char *ssl_util_readfilter(server_rec *, apr_pool_t *, char *); +BOOL ssl_util_path_check(ssl_pathcheck_t, char *, apr_pool_t *); ssl_algo_t ssl_util_algotypeof(X509 *, EVP_PKEY *); char *ssl_util_algotypestr(ssl_algo_t); -char *ssl_util_ptxtsub(pool *, const char *, const char *, char *); +char *ssl_util_ptxtsub(apr_pool_t *, const char *, const char *, char *); void ssl_util_thread_setup(void); -#endif /* XXX */ - #endif /* __MOD_SSL_H__ */ diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index c36f9d8e7b..690dc82764 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c 
@@ -358,7 +358,7 @@ const char *ssl_cmd_SSLPassPhraseDialog( else if (strlen(arg) > 5 && strEQn(arg, "exec:", 5)) { sc->nPassPhraseDialogType = SSL_PPTYPE_FILTER; sc->szPassPhraseDialogPath = ap_server_root_relative(cmd->pool, "dialog", arg+5); - if (!ssl_util_path_check(SSL_PCM_EXISTS, sc->szPassPhraseDialogPath)) + if (!ssl_util_path_check(SSL_PCM_EXISTS, sc->szPassPhraseDialogPath, cmd->pool)) return ap_pstrcat(cmd->pool, "SSLPassPhraseDialog: file '", sc->szPassPhraseDialogPath, "' not exists", NULL); } @@ -445,7 +445,7 @@ const char *ssl_cmd_SSLRandomSeed( pRS->cpPath = ap_pstrdup(mc->pPool, ap_server_root_relative(cmd->pool, "random", arg2)); } if (pRS->nSrc != SSL_RSSRC_BUILTIN) - if (!ssl_util_path_check(SSL_PCM_EXISTS, pRS->cpPath)) + if (!ssl_util_path_check(SSL_PCM_EXISTS, pRS->cpPath, cmd->pool)) return ap_pstrcat(cmd->pool, "SSLRandomSeed: source path '", pRS->cpPath, "' not exists", NULL); if (arg3 == NULL) @@ -496,7 +496,7 @@ const char *ssl_cmd_SSLCertificateFile( int i; cpPath = ap_server_root_relative(cmd->pool, "certkey", arg); - if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath)) + if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool)) return ap_pstrcat(cmd->pool, "SSLCertificateFile: file '", cpPath, "' not exists or empty", NULL); for (i = 0; i < SSL_AIDX_MAX && sc->szPublicCertFile[i] != NULL; i++) @@ -519,7 +519,7 @@ const char *ssl_cmd_SSLCertificateKeyFile( int i; cpPath = ap_server_root_relative(cmd->pool, "certkey", arg); - if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath)) + if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool)) return ap_pstrcat(cmd->pool, "SSLCertificateKeyFile: file '", cpPath, "' not exists or empty", NULL); for (i = 0; i < SSL_AIDX_MAX && sc->szPrivateKeyFile[i] != NULL; i++) 
@@ -541,7 +541,7 @@ const char *ssl_cmd_SSLCertificateChainFile( char *cpPath; cpPath = ap_server_root_relative(cmd->pool, "certkey", arg); - if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath)) + if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool)) return ap_pstrcat(cmd->pool, "SSLCertificateChainFile: file '", cpPath, "' not exists or empty", NULL); sc->szCertificateChain = cpPath; @@ -557,7 +557,7 @@ const char *ssl_cmd_SSLCACertificatePath( char *cpPath; cpPath = ap_server_root_relative(cmd->pool, "certkey", arg); - if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath)) + if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool)) return ap_pstrcat(cmd->pool, "SSLCACertificatePath: directory '", cpPath, "' not exists", NULL); #ifdef SSL_EXPERIMENTAL_PERDIRCA @@ -580,7 +580,7 @@ const char *ssl_cmd_SSLCACertificateFile( char *cpPath; cpPath = ap_server_root_relative(cmd->pool, "certkey", arg); - if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath)) + if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool)) return ap_pstrcat(cmd->pool, "SSLCACertificateFile: file '", cpPath, "' not exists or empty", NULL); #ifdef SSL_EXPERIMENTAL_PERDIRCA @@ -603,7 +603,7 @@ const char *ssl_cmd_SSLCARevocationPath( char *cpPath; cpPath = ap_server_root_relative(cmd->pool, "certkey", arg); - if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath)) + if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool)) return ap_pstrcat(cmd->pool, "SSLCARecocationPath: directory '", cpPath, "' not exists", NULL); sc->szCARevocationPath = cpPath; 
@@ -619,7 +619,7 @@ const char *ssl_cmd_SSLCARevocationFile( char *cpPath; cpPath = ap_server_root_relative(cmd->pool, "certkey", arg); - if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath)) + if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool)) return ap_pstrcat(cmd->pool, "SSLCARevocationFile: file '", cpPath, "' not exists or empty", NULL); sc->szCARevocationFile = cpPath; @@ -1011,7 +1011,7 @@ const char *ssl_cmd_SSLProxyCACertificateFile( char *cpPath; cpPath = ap_server_root_relative(cmd->pool, "certkey", arg); - if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath)) + if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool)) return ap_pstrcat(cmd->pool, "SSLProxyCACertificateFile: file '", cpPath, "' not exists or empty", NULL); sc->szProxyCACertificateFile = cpPath; @@ -1027,7 +1027,7 @@ const char *ssl_cmd_SSLProxyCACertificatePath( char *cpPath; cpPath = ap_server_root_relative(cmd->pool, "certkey", arg); - if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath)) + if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool)) return ap_pstrcat(cmd->pool, "SSLProxyCACertificatePath: directory '", cpPath, "' does not exists", NULL); sc->szProxyCACertificatePath = cpPath; @@ -1043,7 +1043,7 @@ const char *ssl_cmd_SSLProxyMachineCertificateFile( char *cpPath; cpPath = ap_server_root_relative(cmd->pool, "certkey", arg); - if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath)) + if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool)) return ap_pstrcat(cmd->pool, "SSLProxyMachineCertFile: file '", cpPath, "' not exists or empty", NULL); sc->szProxyClientCertificateFile = cpPath; 
@@ -1059,7 +1059,7 @@ const char *ssl_cmd_SSLProxyMachineCertificatePath( char *cpPath; cpPath = ap_server_root_relative(cmd->pool, "certkey", arg); - if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath)) + if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool)) return ap_pstrcat(cmd->pool, "SSLProxyMachineCertPath: directory '", cpPath, "' does not exists", NULL); sc->szProxyClientCertificatePath = cpPath; diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 777662cb37..46fb0c5f18 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -270,12 +270,10 @@ void ssl_init_Module(server_rec *s, pool *p) */ void ssl_init_SSLLibrary(void) { -#ifdef WIN32 CRYPTO_malloc_init(); -#endif SSL_load_error_strings(); SSL_library_init(); - ssl_util_thread_setup(); + /* XXX CRYPTO_set_locking_callback(); */ X509V3_add_standard_extensions(); return; } diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c index 3b23075cf9..272dca05fd 100644 --- a/modules/ssl/ssl_util.c +++ b/modules/ssl/ssl_util.c @@ -63,15 +63,13 @@ -- Calvin */ #include "mod_ssl.h" -#if 0 /* XXX */ - /* _________________________________________________________________ ** ** Utility Functions ** _________________________________________________________________ */ -char *ssl_util_vhostid(pool *p, server_rec *s) +char *ssl_util_vhostid(apr_pool_t *p, server_rec *s) { char *id; SSLSrvConfigRec *sc; @@ -88,14 +86,14 @@ char *ssl_util_vhostid(pool *p, server_rec *s) else port = DEFAULT_HTTP_PORT; } - id = ap_psprintf(p, "%s:%u", host, port); + id = apr_psprintf(p, "%s:%u", host, port); return id; } void ssl_util_strupper(char *s) { for (; *s; ++s) - *s = toupper(*s); + *s = apr_toupper(*s); return; } 
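Review bot: Replacing the `ssl_util_thread_setup()` call in ssl_init_SSLLibrary with a `/* XXX CRYPTO_set_locking_callback(); */` comment leaves OpenSSL with no locking callback on any platform, whereas the Win32 build previously installed one; under a threaded MPM OpenSSL's shared internal state is then accessed from several threads without synchronisation, which the README hunk in this commit acknowledges but nothing enforces. mod_ssl.h in this same commit keeps `void ssl_util_thread_setup(void);` declared while the ssl_util.c hunk at -307 deletes its only definition, so the header now advertises a function that does not exist; either drop the prototype or keep a stub definition that the init code still calls. Making `CRYPTO_malloc_init()` unconditional deserves a one-line comment stating why the WIN32 guard was removed, since the call was platform-specific before.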
@@ -136,62 +134,49 @@ void ssl_util_uuencode_binary(
 return;
 }
-FILE *ssl_util_ppopen(server_rec *s, pool *p, char *cmd)
+apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, char *cmd)
 {
- FILE *fpout;
- int rc;
+ apr_procattr_t *procattr;
+ apr_proc_t *proc;
- fpout = NULL;
- rc = ap_spawn_child(p, ssl_util_ppopen_child,
- (void *)cmd, kill_after_timeout,
- NULL, &fpout, NULL);
- if (rc == 0 || fpout == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "ssl_util_ppopen: could not run: %s", cmd);
+ if (apr_procattr_create(&procattr, p) != APR_SUCCESS)
 return NULL;
- }
- return (fpout);
-}
-
-int ssl_util_ppopen_child(void *cmd, child_info *pinfo)
-{
- int child_pid = 1;
-
- /*
- * Prepare for exec
- */
- ap_cleanup_for_exec();
-#ifdef SIGHUP
- signal(SIGHUP, SIG_IGN);
-#endif
-
- /*
- * Exec() the child program
- */
- execl(SHELL_PATH, SHELL_PATH, "-c", (char *)cmd, NULL);
- return (child_pid);
+ if (apr_procattr_io_set(procattr, APR_FULL_BLOCK, APR_FULL_BLOCK,
+ APR_FULL_BLOCK) != APR_SUCCESS)
+ return NULL;
+ if (apr_procattr_dir_set(procattr,
+ ap_make_dirstr_parent(p, cmd)) != APR_SUCCESS)
+ return NULL;
+ if (apr_procattr_cmdtype_set(procattr, APR_PROGRAM) != APR_SUCCESS)
+ return NULL;
+ if ((proc = (apr_proc_t *)apr_pcalloc(p, sizeof(apr_proc_t))) == NULL)
+ return NULL;
+ if (apr_proc_create(proc, cmd, NULL, NULL, procattr, p) != APR_SUCCESS)
+ return NULL;
+ return proc->out;
 }
-void ssl_util_ppclose(server_rec *s, pool *p, FILE *fp)
+void ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp)
 {
- ap_pfclose(p, fp);
+ apr_file_close(fp);
 return;
 }
 /*
 * Run a filter program and read the first line of its stdout output
 */
-char *ssl_util_readfilter(server_rec *s, pool *p, char *cmd)
+char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, char *cmd)
 {
 static char buf[MAX_STRING_LEN];
- FILE *fp;
+ apr_file_t *fp;
+ apr_size_t nbytes;
 char c;
 int k;
 if ((fp = ssl_util_ppopen(s, p, cmd)) == NULL)
 return NULL;
- for (k = 0; read(fileno(fp), &c, 1) == 1
- && (k < MAX_STRING_LEN-1) ; ) {
+ for (k = 0; apr_file_read(fp, &c, &nbytes) == APR_SUCCESS
+ && nbytes == 1 && (k < MAX_STRING_LEN-1) ; ) {
 if (c == '\n' || c == '\r')
 break;
 buf[k++] = c;
@@ -202,19 +187,20 @@ char *ssl_util_readfilter(server_rec *s, pool *p, char *cmd)
 return buf;
 }
-BOOL ssl_util_path_check(ssl_pathcheck_t pcm, char *path)
+BOOL ssl_util_path_check(ssl_pathcheck_t pcm, char *path, apr_pool_t *p)
 {
- struct stat sb;
+ apr_finfo_t finfo;
 if (path == NULL)
 return FALSE;
- if (pcm & SSL_PCM_EXISTS && stat(path, &sb) != 0)
+ if (pcm & SSL_PCM_EXISTS && apr_stat(&finfo, path,
+ APR_FINFO_TYPE|APR_FINFO_SIZE, p) != 0)
 return FALSE;
- if (pcm & SSL_PCM_ISREG && !S_ISREG(sb.st_mode))
+ if (pcm & SSL_PCM_ISREG && finfo.filetype != APR_REG)
 return FALSE;
- if (pcm & SSL_PCM_ISDIR && !S_ISDIR(sb.st_mode))
+ if (pcm & SSL_PCM_ISDIR && finfo.filetype != APR_DIR)
 return FALSE;
- if (pcm & SSL_PCM_ISNONZERO && sb.st_mode <= 0)
+ if (pcm & SSL_PCM_ISNONZERO && finfo.size <= 0)
 return FALSE;
 return TRUE;
 }
@@ -260,7 +246,7 @@ char *ssl_util_algotypestr(ssl_algo_t t)
 }
 char *ssl_util_ptxtsub(
- pool *p, const char *cpLine, const char *cpMatch, char *cpSubst)
+ apr_pool_t *p, const char *cpLine, const char *cpMatch, char *cpSubst)
 {
 #define MAX_PTXTSUB 100
 char *cppMatch[MAX_PTXTSUB];
@@ -299,7 +285,7 @@ char *ssl_util_ptxtsub(
 /*
 * Pass 2: allocate memory and assemble result
 */
- cpResult = ap_pcalloc(p, nResult+1);
+ cpResult = apr_pcalloc(p, nResult+1);
 for (cpI = (char *)cpLine, cpO = cpResult, i = 0; cppMatch[i] != NULL; i++) {
 ap_cpystrn(cpO, cpI, cppMatch[i]-cpI+1);
 cpO += (cppMatch[i]-cpI);
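Review bot: In ssl_util_readfilter the loop passes `nbytes` to `apr_file_read()` without ever assigning it; that parameter is in/out and carries the requested length on entry, so the call asks for an indeterminate number of bytes into the single-byte `c` on the stack. Reset it before every read, e.g. `for (k = 0; (nbytes = 1, apr_file_read(fp, &c, &nbytes)) == APR_SUCCESS` / `&& nbytes == 1 && (k < MAX_STRING_LEN-1) ; ) {`. In ssl_util_ppopen, `apr_proc_create()` is given NULL for args, so the child starts with no argv at all (not even argv[0]), and the old `SHELL_PATH -c` invocation is gone, which presumably breaks any `exec:` dialog path that relied on shell parsing; a minimal `const char *args[] = { cmd, NULL };` passed as the third argument keeps the direct-exec model while giving the child a proper argv. The rewrite also drops the `ap_log_error()` that reported a failed spawn and never calls `apr_pool_note_subprocess()`, so ssl_util_ppclose closes the pipe but the child is never reaped. ssl_util_readfilter's body continues past the end of the hunk.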
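Review bot: ssl_util_path_check reads `finfo.filetype` and `finfo.size` even when the caller did not set SSL_PCM_EXISTS, in which case `apr_stat()` never ran and `finfo` is uninitialised; the stat() version had the same hole with `sb`, but the port is the moment to close it, e.g. by calling `if (apr_stat(&finfo, path, APR_FINFO_TYPE|APR_FINFO_SIZE, p) != APR_SUCCESS) return FALSE;` unconditionally ahead of the bit tests (the callers visible in ssl_engine_config.c all pass SSL_PCM_EXISTS, so they see no change). The `!= 0` on the apr_stat result should be `!= APR_SUCCESS` to match the rest of the hunk. APR_FINFO_SIZE is a request rather than a guarantee, so checking `finfo.valid & APR_FINFO_SIZE` before the SSL_PCM_ISNONZERO comparison avoids testing a field that may not have been filled in.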
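Review bot: The `ap_cpystrn()` call on the line after the new `apr_pcalloc()` is left as is, while the identical call at the end of ssl_util_ptxtsub becomes `apr_cpystrn()` in the following hunk; the two should agree, i.e. `apr_cpystrn(cpO, cpI, cppMatch[i]-cpI+1);`. ssl_util_ptxtsub begins before this hunk and ends after it.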
@@ -307,42 +293,8 @@ char *ssl_util_ptxtsub(
 cpO += nSubst;
 cpI = (cppMatch[i]+nMatch);
 }
- ap_cpystrn(cpO, cpI, cpResult+nResult-cpO+1);
+ apr_cpystrn(cpO, cpI, cpResult+nResult-cpO+1);
 return cpResult;
 }
-/* _________________________________________________________________
-**
-** Special Functions for Win32/OpenSSL
-** _________________________________________________________________
-*/
-
-#ifdef WIN32
-static HANDLE lock_cs[CRYPTO_NUM_LOCKS];
-
-static void win32_locking_callback(int mode, int type, char* file, int line)
-{
- if (mode & CRYPTO_LOCK)
- WaitForSingleObject(lock_cs[type], INFINITE);
- else
- ReleaseMutex(lock_cs[type]);
- return;
-}
-#endif /* WIN32 */
-
-void ssl_util_thread_setup(void)
-{
-#ifdef WIN32
- int i;
-
- for (i = 0; i < CRYPTO_NUM_LOCKS; i++)
- lock_cs[i] = CreateMutex(NULL, FALSE, NULL);
- CRYPTO_set_locking_callback((void(*)(int, int, const char *, int))
- win32_locking_callback);
-#endif /* WIN32 */
- return;
-}
-
-#endif /* XXX */
-
-- 
2.50.1