ssl_util.c revision bc8fd1b0b1afdf89b8d28eefa8cd74e26ba97986
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder** _ __ ___ ___ __| | ___ ___| | mod_ssl
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder** Utility Functions
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder/* ====================================================================
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * The Apache Software License, Version 1.1
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * Copyright (c) 2000-2002 The Apache Software Foundation. All rights
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * Redistribution and use in source and binary forms, with or without
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * modification, are permitted provided that the following conditions
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * 1. Redistributions of source code must retain the above copyright
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * notice, this list of conditions and the following disclaimer.
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * 2. Redistributions in binary form must reproduce the above copyright
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * notice, this list of conditions and the following disclaimer in
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * the documentation and/or other materials provided with the
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * distribution.
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * 3. The end-user documentation included with the redistribution,
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * if any, must include the following acknowledgment:
af1cb109bce240bcafe3823df022d6088cbfc438Christian Maeder * "This product includes software developed by the
96de7ec4008f75574077816c4c71a22e6afe1e01Christian Maeder * Apache Software Foundation (http://www.apache.org/)."
96de7ec4008f75574077816c4c71a22e6afe1e01Christian Maeder * Alternately, this acknowledgment may appear in the software itself,
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * if and wherever such third-party acknowledgments normally appear.
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * 4. The names "Apache" and "Apache Software Foundation" must
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * not be used to endorse or promote products derived from this
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * software without prior written permission. For written
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * permission, please contact apache@apache.org.
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * 5. Products derived from this software may not be called "Apache",
9d3c461220f8076ef80ca48f7b0574ded9b23e7aChristian Maeder * nor may "Apache" appear in their name, without prior written
9d3c461220f8076ef80ca48f7b0574ded9b23e7aChristian Maeder * permission of the Apache Software Foundation.
162a689da386fc8ddbbe47bcae83eaca4fc8dbc0Christian Maeder * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
af1cb109bce240bcafe3823df022d6088cbfc438Christian Maeder * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
9d3c461220f8076ef80ca48f7b0574ded9b23e7aChristian Maeder * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
ce59e0cc5c7221245ed323290bfccbda4ee32dd9Christian Maeder * SUCH DAMAGE.
ce59e0cc5c7221245ed323290bfccbda4ee32dd9Christian Maeder * ====================================================================
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder /* ``Every day of my life
af1cb109bce240bcafe3823df022d6088cbfc438Christian Maeder I am forced to add another
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder name to the list of people
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder who piss me off!''
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder/* _________________________________________________________________
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder** Utility Functions
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder** _________________________________________________________________
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maederchar *ssl_util_vhostid(apr_pool_t *p, server_rec *s)
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder id = apr_psprintf(p, "%s:%lu", host, (unsigned long)port);
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder for (; *s; ++s)
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maederstatic const char ssl_util_uuencode_six2pr[64+1] =
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maedervoid ssl_util_uuencode(char *szTo, const char *szFrom, BOOL bPad)
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder ssl_util_uuencode_binary((unsigned char *)szTo,
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder (const unsigned char *)szFrom,
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maedervoid ssl_util_uuencode_binary(unsigned char *szTo,
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder const unsigned char *szFrom,
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder const unsigned char *s;
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder *szTo++ = ssl_util_uuencode_six2pr[s[0] >> 2];
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder *szTo++ = ssl_util_uuencode_six2pr[(s[0] << 4 | s[1] >> 4) & 0x3f];
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder *szTo++ = ssl_util_uuencode_six2pr[(s[1] << 2 | s[2] >> 6) & 0x3f];
af1cb109bce240bcafe3823df022d6088cbfc438Christian Maeder *szTo++ = ssl_util_uuencode_six2pr[s[2] & 0x3f];
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maederapr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd,
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder const char * const *argv)
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder if (apr_procattr_create(&procattr, p) != APR_SUCCESS)
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder if (apr_procattr_io_set(procattr, APR_FULL_BLOCK, APR_FULL_BLOCK,
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder ap_make_dirstr_parent(p, cmd)) != APR_SUCCESS)
31c6978fd9066c9d2c3c98c950f7abbe89112522Christian Maeder if (apr_procattr_cmdtype_set(procattr, APR_PROGRAM) != APR_SUCCESS)
31c6978fd9066c9d2c3c98c950f7abbe89112522Christian Maeder if ((proc = (apr_proc_t *)apr_pcalloc(p, sizeof(apr_proc_t))) == NULL)
31c6978fd9066c9d2c3c98c950f7abbe89112522Christian Maeder if (apr_proc_create(proc, cmd, argv, NULL, procattr, p) != APR_SUCCESS)
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maedervoid ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp)
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder * Run a filter program and read the first line of its stdout output
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maederchar *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd,
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder const char * const *argv)
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder if ((fp = ssl_util_ppopen(s, p, cmd, argv)) == NULL)
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder /* XXX: we are reading 1 byte at a time here */
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder for (k = 0; apr_file_read(fp, &c, &nbytes) == APR_SUCCESS
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder && nbytes == 1 && (k < MAX_STRING_LEN-1) ; ) {
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian MaederBOOL ssl_util_path_check(ssl_pathcheck_t pcm, const char *path, apr_pool_t *p)
af1cb109bce240bcafe3823df022d6088cbfc438Christian Maeder if (pcm & SSL_PCM_EXISTS && apr_stat(&finfo, path,
ce59e0cc5c7221245ed323290bfccbda4ee32dd9Christian Maeder if (pcm & SSL_PCM_ISREG && finfo.filetype != APR_REG)
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder if (pcm & SSL_PCM_ISDIR && finfo.filetype != APR_DIR)
bd8ff5b5f66be563e5be9d3a0c069e32d06f331cChristian Maeder if (pcm & SSL_PCM_ISNONZERO && finfo.size <= 0)
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maederssl_algo_t ssl_util_algotypeof(X509 *pCert, EVP_PKEY *pKey)
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maederchar *ssl_util_ptxtsub(apr_pool_t *p, const char *cpLine,
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder * Pass 1: find substitution locations and calculate sizes
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder for (cpI = (char *)cpLine, i = 0, nResult = 0;
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder * Pass 2: allocate memory and assemble result
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder for (cpI = (char *)cpLine, cpO = cpResult, i = 0;
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder apr_cpystrn(cpO, cpI, cpResult+nResult-cpO+1);
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder * certain key and cert data need to survive restarts,
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder * which are stored in the user data table of s->process->pool.
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder * to prevent "leaking" of this data, we use malloc/free
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder * rather than apr_palloc and these wrappers to help make sure
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder * we do not leak the malloc-ed data.
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maederunsigned char *ssl_asn1_table_set(apr_hash_t *table,
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder ssl_asn1_t *asn1 = apr_hash_get(table, key, klen);
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder * if a value for this key already exists,
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder * reuse as much of the already malloc-ed data
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder * as possible.
798a3d6fdcb8c17b0bc3502a150be75c9ec8799bChristian Maeder asn1->source_mtime = 0; /* used as a note for encrypted private keys */
af1cb109bce240bcafe3823df022d6088cbfc438Christian Maeder return asn1->cpData; /* caller will assign a value to this */
af1cb109bce240bcafe3823df022d6088cbfc438Christian Maederssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
ce59e0cc5c7221245ed323290bfccbda4ee32dd9Christian Maeder return (ssl_asn1_t *)apr_hash_get(table, key, APR_HASH_KEY_STRING);
af1cb109bce240bcafe3823df022d6088cbfc438Christian Maedervoid ssl_asn1_table_unset(apr_hash_t *table,
af1cb109bce240bcafe3823df022d6088cbfc438Christian Maeder ssl_asn1_t *asn1 = apr_hash_get(table, key, klen);
af1cb109bce240bcafe3823df022d6088cbfc438Christian Maederstatic const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
af1cb109bce240bcafe3823df022d6088cbfc438Christian Maederconst char *ssl_asn1_table_keyfmt(apr_pool_t *p,
af1cb109bce240bcafe3823df022d6088cbfc438Christian Maeder const char *keystr = ssl_asn1_keystr(keytype);
af1cb109bce240bcafe3823df022d6088cbfc438Christian Maeder return apr_pstrcat(p, id, ":", keystr, NULL);
96de7ec4008f75574077816c4c71a22e6afe1e01Christian Maeder * To ensure thread-safety in OpenSSL - work in progress
static unsigned long ssl_util_thr_id(void)
return (unsigned long) apr_os_thread_current();
for (i = 0; i < CRYPTO_NUM_LOCKS; i++) {
return APR_SUCCESS;
int i, threaded_mpm;
if (!threaded_mpm) {
* for example: debug_malloc, debug_malloc2 (see crypto/cryptlib.c)
for (i = 0; i < CRYPTO_NUM_LOCKS; i++) {
lock_count[i] = 0;