modules/ssl/ssl_util.c

	ssl_util.c revision d54a31567fc49f1841d27a14796ae726016c54aa
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse/*                      _             _
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse**  _ __ ___   ___   __| |    ___ ___| |  mod_ssl
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse** | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse** | | | | | | (_) | (_| |   \__ \__ \ |  www.modssl.org
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse** |_| |_| |_|\___/ \__,_|___|___/___/_|  ftp.modssl.org
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse**                      |_____|
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse**  ssl_util.c
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse**  Utility Functions
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse*/
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse/* ====================================================================
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * The Apache Software License, Version 1.1
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse *
bc8fd1b0b1afdf89b8d28eefa8cd74e26ba97986fielding * Copyright (c) 2000-2002 The Apache Software Foundation.  All rights
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * reserved.
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse *
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse * Redistribution and use in source and binary forms, with or without
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse * modification, are permitted provided that the following conditions
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse * are met:
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse *
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse * 1. Redistributions of source code must retain the above copyright
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse *    notice, this list of conditions and the following disclaimer.
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse *
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse * 2. Redistributions in binary form must reproduce the above copyright
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse *    notice, this list of conditions and the following disclaimer in
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse *    the documentation and/or other materials provided with the
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse *    distribution.
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse *
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * 3. The end-user documentation included with the redistribution,
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse *    if any, must include the following acknowledgment:
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse *       "This product includes software developed by the
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse *        Apache Software Foundation (http://www.apache.org/)."
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse *    Alternately, this acknowledgment may appear in the software itself,
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse *    if and wherever such third-party acknowledgments normally appear.
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse *
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * 4. The names "Apache" and "Apache Software Foundation" must
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse *    not be used to endorse or promote products derived from this
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse *    software without prior written permission. For written
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse *    permission, please contact apache@apache.org.
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse *
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * 5. Products derived from this software may not be called "Apache",
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse *    nor may "Apache" appear in their name, without prior written
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse *    permission of the Apache Software Foundation.
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse *
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
d86ef5503dcbc38e87c0e03cd3e1f16458cb6323rse * SUCH DAMAGE.
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse * ====================================================================
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse */
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                             /* ``Every day of my life
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                                  I am forced to add another
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                                  name to the list of people
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                                  who piss me off!''
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                                            -- Calvin          */
e18e68b42830409bf48de0df9eed3fe363664aa7aaron
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse#include "mod_ssl.h"
8464a9c46b967001e38fe3c8afff51a649e9de51dougm#include "ap_mpm.h"
579fd9e90990eee18b5e504eb4c0d2ce18f76208aaron#include "apr_thread_mutex.h"
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse/*  _________________________________________________________________
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse**
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse**  Utility Functions
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse**  _________________________________________________________________
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse*/
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rsechar *ssl_util_vhostid(apr_pool_t *p, server_rec *s)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    char *id;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    SSLSrvConfigRec *sc;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    char *host;
05413593151a238718198cc04ca849b2426be106rse    apr_port_t port;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    host = s->server_hostname;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    if (s->port != 0)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        port = s->port;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    else {
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        sc = mySrvConfig(s);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        if (sc->bEnabled)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            port = DEFAULT_HTTPS_PORT;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        else
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            port = DEFAULT_HTTP_PORT;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    }
05413593151a238718198cc04ca849b2426be106rse    id = apr_psprintf(p, "%s:%lu", host, (unsigned long)port);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    return id;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrsevoid ssl_util_strupper(char *s)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    for (; *s; ++s)
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse        *s = apr_toupper(*s);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    return;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrsestatic const char ssl_util_uuencode_six2pr[64+1] =
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrsevoid ssl_util_uuencode(char *szTo, const char *szFrom, BOOL bPad)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    ssl_util_uuencode_binary((unsigned char *)szTo,
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                             (const unsigned char *)szFrom,
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                             strlen(szFrom), bPad);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
421d9002d73db52972bcca8f4497fe5d603b6b8eaaronvoid ssl_util_uuencode_binary(unsigned char *szTo,
421d9002d73db52972bcca8f4497fe5d603b6b8eaaron                              const unsigned char *szFrom,
421d9002d73db52972bcca8f4497fe5d603b6b8eaaron                              int nLength, BOOL bPad)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    const unsigned char *s;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    int nPad = 0;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    for (s = szFrom; nLength > 0; s += 3) {
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        *szTo++ = ssl_util_uuencode_six2pr[s[0] >> 2];
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        *szTo++ = ssl_util_uuencode_six2pr[(s[0] << 4 | s[1] >> 4) & 0x3f];
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        if (--nLength == 0) {
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            nPad = 2;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            break;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        }
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        *szTo++ = ssl_util_uuencode_six2pr[(s[1] << 2 | s[2] >> 6) & 0x3f];
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        if (--nLength == 0) {
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            nPad = 1;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            break;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        }
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        *szTo++ = ssl_util_uuencode_six2pr[s[2] & 0x3f];
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        --nLength;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    }
421d9002d73db52972bcca8f4497fe5d603b6b8eaaron    while(bPad && nPad--) {
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        *szTo++ = NUL;
421d9002d73db52972bcca8f4497fe5d603b6b8eaaron    }
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    *szTo = NUL;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    return;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
87a1c79b7b37702a254920ca5214fb282a4fb085dougmapr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd,
87a1c79b7b37702a254920ca5214fb282a4fb085dougm                            const char * const *argv)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    apr_procattr_t *procattr;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    apr_proc_t *proc;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    if (apr_procattr_create(&procattr, p) != APR_SUCCESS)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        return NULL;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    if (apr_procattr_io_set(procattr, APR_FULL_BLOCK, APR_FULL_BLOCK,
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse                            APR_FULL_BLOCK) != APR_SUCCESS)
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse        return NULL;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    if (apr_procattr_dir_set(procattr,
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse                             ap_make_dirstr_parent(p, cmd)) != APR_SUCCESS)
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse        return NULL;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    if (apr_procattr_cmdtype_set(procattr, APR_PROGRAM) != APR_SUCCESS)
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse        return NULL;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    if ((proc = (apr_proc_t *)apr_pcalloc(p, sizeof(apr_proc_t))) == NULL)
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse        return NULL;
87a1c79b7b37702a254920ca5214fb282a4fb085dougm    if (apr_proc_create(proc, cmd, argv, NULL, procattr, p) != APR_SUCCESS)
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse        return NULL;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    return proc->out;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rsevoid ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    apr_file_close(fp);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    return;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse/*
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse * Run a filter program and read the first line of its stdout output
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse */
87a1c79b7b37702a254920ca5214fb282a4fb085dougmchar *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd,
87a1c79b7b37702a254920ca5214fb282a4fb085dougm                          const char * const *argv)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    static char buf[MAX_STRING_LEN];
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    apr_file_t *fp;
87a1c79b7b37702a254920ca5214fb282a4fb085dougm    apr_size_t nbytes = 1;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    char c;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    int k;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
87a1c79b7b37702a254920ca5214fb282a4fb085dougm    if ((fp = ssl_util_ppopen(s, p, cmd, argv)) == NULL)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        return NULL;
87a1c79b7b37702a254920ca5214fb282a4fb085dougm    /* XXX: we are reading 1 byte at a time here */
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    for (k = 0; apr_file_read(fp, &c, &nbytes) == APR_SUCCESS
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse                && nbytes == 1 && (k < MAX_STRING_LEN-1)     ; ) {
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        if (c == '\n' || c == '\r')
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            break;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        buf[k++] = c;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    }
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    buf[k] = NUL;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    ssl_util_ppclose(s, p, fp);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    return buf;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
03181bdde77be8e10ed297a02db5d8f98ecb703ewroweBOOL ssl_util_path_check(ssl_pathcheck_t pcm, const char *path, apr_pool_t *p)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    apr_finfo_t finfo;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    if (path == NULL)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        return FALSE;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    if (pcm & SSL_PCM_EXISTS && apr_stat(&finfo, path,
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse                                APR_FINFO_TYPE|APR_FINFO_SIZE, p) != 0)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        return FALSE;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    if (pcm & SSL_PCM_ISREG && finfo.filetype != APR_REG)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        return FALSE;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    if (pcm & SSL_PCM_ISDIR && finfo.filetype != APR_DIR)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        return FALSE;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    if (pcm & SSL_PCM_ISNONZERO && finfo.size <= 0)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        return FALSE;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    return TRUE;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrsessl_algo_t ssl_util_algotypeof(X509 *pCert, EVP_PKEY *pKey)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    ssl_algo_t t;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    t = SSL_ALGO_UNKNOWN;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    if (pCert != NULL)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        pKey = X509_get_pubkey(pCert);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    if (pKey != NULL) {
7f683bb300df767164724ebc664f339ac396b434dougm        switch (EVP_PKEY_key_type(pKey)) {
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            case EVP_PKEY_RSA:
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                t = SSL_ALGO_RSA;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                break;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            case EVP_PKEY_DSA:
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                t = SSL_ALGO_DSA;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                break;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            default:
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                break;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        }
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    }
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    return t;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrsechar *ssl_util_algotypestr(ssl_algo_t t)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    char *cp;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    cp = "UNKNOWN";
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    switch (t) {
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        case SSL_ALGO_RSA:
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            cp = "RSA";
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            break;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        case SSL_ALGO_DSA:
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            cp = "DSA";
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            break;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        default:
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            break;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    }
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    return cp;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
421d9002d73db52972bcca8f4497fe5d603b6b8eaaronchar *ssl_util_ptxtsub(apr_pool_t *p, const char *cpLine,
421d9002d73db52972bcca8f4497fe5d603b6b8eaaron                       const char *cpMatch, char *cpSubst)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse#define MAX_PTXTSUB 100
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    char *cppMatch[MAX_PTXTSUB];
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    char *cpResult;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    int nResult;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    int nLine;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    int nSubst;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    int nMatch;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    char *cpI;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    char *cpO;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    char *cp;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    int i;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    /*
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse     * Pass 1: find substitution locations and calculate sizes
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse     */
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    nLine  = strlen(cpLine);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    nMatch = strlen(cpMatch);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    nSubst = strlen(cpSubst);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    for (cpI = (char *)cpLine, i = 0, nResult = 0;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse         cpI < cpLine+nLine && i < MAX_PTXTSUB;    ) {
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        if ((cp = strstr(cpI, cpMatch)) != NULL) {
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            cppMatch[i++] = cp;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            nResult += ((cp-cpI)+nSubst);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            cpI = (cp+nMatch);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        }
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        else {
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            nResult += strlen(cpI);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            break;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        }
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    }
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    cppMatch[i] = NULL;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    if (i == 0)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        return NULL;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    /*
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse     * Pass 2: allocate memory and assemble result
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse     */
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    cpResult = apr_pcalloc(p, nResult+1);
421d9002d73db52972bcca8f4497fe5d603b6b8eaaron    for (cpI = (char *)cpLine, cpO = cpResult, i = 0;
421d9002d73db52972bcca8f4497fe5d603b6b8eaaron         cppMatch[i] != NULL;
421d9002d73db52972bcca8f4497fe5d603b6b8eaaron         i++) {
184f5da95d14895f7f33c90b8b8f70653afb0d92wrowe        apr_cpystrn(cpO, cpI, cppMatch[i]-cpI+1);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        cpO += (cppMatch[i]-cpI);
184f5da95d14895f7f33c90b8b8f70653afb0d92wrowe        apr_cpystrn(cpO, cpSubst, nSubst+1);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        cpO += nSubst;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        cpI = (cppMatch[i]+nMatch);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    }
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    apr_cpystrn(cpO, cpI, cpResult+nResult-cpO+1);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    return cpResult;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
a0e0d20b666cfc453ac76506079eb50e03997eefdougm/*
a0e0d20b666cfc453ac76506079eb50e03997eefdougm * certain key and cert data needs to survive restarts,
a0e0d20b666cfc453ac76506079eb50e03997eefdougm * which are stored in the user data table of s->process->pool.
a0e0d20b666cfc453ac76506079eb50e03997eefdougm * to prevent "leaking" of this data, we use malloc/free
a0e0d20b666cfc453ac76506079eb50e03997eefdougm * rather than apr_palloc and these wrappers to help make sure
a0e0d20b666cfc453ac76506079eb50e03997eefdougm * we do not leak the malloc-ed data.
a0e0d20b666cfc453ac76506079eb50e03997eefdougm */
a0e0d20b666cfc453ac76506079eb50e03997eefdougmunsigned char *ssl_asn1_table_set(apr_hash_t *table,
a0e0d20b666cfc453ac76506079eb50e03997eefdougm                                  const char *key,
a0e0d20b666cfc453ac76506079eb50e03997eefdougm                                  long int length)
a0e0d20b666cfc453ac76506079eb50e03997eefdougm{
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    apr_ssize_t klen = strlen(key);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    ssl_asn1_t *asn1 = apr_hash_get(table, key, klen);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    /*
a0e0d20b666cfc453ac76506079eb50e03997eefdougm     * if a value for this key already exists,
a0e0d20b666cfc453ac76506079eb50e03997eefdougm     * reuse as much of the already malloc-ed data
a0e0d20b666cfc453ac76506079eb50e03997eefdougm     * as possible.
a0e0d20b666cfc453ac76506079eb50e03997eefdougm     */
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    if (asn1) {
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        if (asn1->nData != length) {
a0e0d20b666cfc453ac76506079eb50e03997eefdougm            free(asn1->cpData); /* XXX: realloc? */
a0e0d20b666cfc453ac76506079eb50e03997eefdougm            asn1->cpData = NULL;
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        }
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    }
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    else {
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        asn1 = malloc(sizeof(*asn1));
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        asn1->source_mtime = 0; /* used as a note for encrypted private keys */
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        asn1->cpData = NULL;
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    }
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    asn1->nData = length;
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    if (!asn1->cpData) {
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        asn1->cpData = malloc(length);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    }
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    apr_hash_set(table, key, klen, asn1);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    return asn1->cpData; /* caller will assign a value to this */
a0e0d20b666cfc453ac76506079eb50e03997eefdougm}
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougmssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
a0e0d20b666cfc453ac76506079eb50e03997eefdougm                               const char *key)
a0e0d20b666cfc453ac76506079eb50e03997eefdougm{
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    return (ssl_asn1_t *)apr_hash_get(table, key, APR_HASH_KEY_STRING);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm}
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougmvoid ssl_asn1_table_unset(apr_hash_t *table,
a0e0d20b666cfc453ac76506079eb50e03997eefdougm                          const char *key)
a0e0d20b666cfc453ac76506079eb50e03997eefdougm{
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    apr_ssize_t klen = strlen(key);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    ssl_asn1_t *asn1 = apr_hash_get(table, key, klen);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    if (!asn1) {
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        return;
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    }
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    if (asn1->cpData) {
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        free(asn1->cpData);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    }
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    free(asn1);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    apr_hash_set(table, key, klen, NULL);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm}
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
22357f10585a847ebf7b084cbe1db07ba071aeb6dougmstatic const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm
dd7c683f683624b082d430935b594df7406782c2dougmconst char *ssl_asn1_keystr(int keytype)
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm{
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm    if (keytype >= SSL_AIDX_MAX) {
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm        return NULL;
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm    }
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm
dd7c683f683624b082d430935b594df7406782c2dougm    return ssl_asn1_key_types[keytype];
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm}
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm
dd7c683f683624b082d430935b594df7406782c2dougmconst char *ssl_asn1_table_keyfmt(apr_pool_t *p,
dd7c683f683624b082d430935b594df7406782c2dougm                                  const char *id,
dd7c683f683624b082d430935b594df7406782c2dougm                                  int keytype)
dd7c683f683624b082d430935b594df7406782c2dougm{
dd7c683f683624b082d430935b594df7406782c2dougm    const char *keystr = ssl_asn1_keystr(keytype);
dd7c683f683624b082d430935b594df7406782c2dougm
dd7c683f683624b082d430935b594df7406782c2dougm    return apr_pstrcat(p, id, ":", keystr, NULL);
dd7c683f683624b082d430935b594df7406782c2dougm}
dd7c683f683624b082d430935b594df7406782c2dougm
dd7c683f683624b082d430935b594df7406782c2dougm
6a26d195dfba3a91f8352cabd4547afa77675bb1aaron#if APR_HAS_THREADS
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm/*
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm * To ensure thread-safetyness in OpenSSL - work in progress
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm */
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm
e18e68b42830409bf48de0df9eed3fe363664aa7aaronstatic apr_thread_mutex_t **lock_cs;
0ccb8cf8cbc291aca5e8da62cde6cc6948e2081eben/* FIXME: CRYPTO_NUM_LOCKS may vary between releases - replace with
0ccb8cf8cbc291aca5e8da62cde6cc6948e2081eben   CRYPT_num_locks() [Ben, Jan 2002] */
e18e68b42830409bf48de0df9eed3fe363664aa7aaronstatic long                 lock_count[CRYPTO_NUM_LOCKS];
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm
d54a31567fc49f1841d27a14796ae726016c54aadougmstatic void ssl_util_thr_lock(int mode, int type,
d54a31567fc49f1841d27a14796ae726016c54aadougm                              MODSSL_CRYPTO_CB_ARG_TYPE *file,
d54a31567fc49f1841d27a14796ae726016c54aadougm                              int line)
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm{
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm    if (mode & CRYPTO_LOCK) {
e18e68b42830409bf48de0df9eed3fe363664aa7aaron        apr_thread_mutex_lock(lock_cs[type]);
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm        lock_count[type]++;
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm    }
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm    else {
e18e68b42830409bf48de0df9eed3fe363664aa7aaron        apr_thread_mutex_unlock(lock_cs[type]);
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm    }
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm}
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm
dd9940ba9b4d9c09f034b910d1569db4a5111c75dougmstatic unsigned long ssl_util_thr_id(void)
e62985c7a1b46a5036a247f35bddac1308985758dougm{
e62985c7a1b46a5036a247f35bddac1308985758dougm    return (unsigned long) apr_os_thread_current();
e62985c7a1b46a5036a247f35bddac1308985758dougm}
e62985c7a1b46a5036a247f35bddac1308985758dougm
8464a9c46b967001e38fe3c8afff51a649e9de51dougmstatic apr_status_t ssl_util_thread_cleanup(void *data)
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm{
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm    int i;
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm    CRYPTO_set_locking_callback(NULL);
8464a9c46b967001e38fe3c8afff51a649e9de51dougm
8464a9c46b967001e38fe3c8afff51a649e9de51dougm    for (i = 0; i < CRYPTO_NUM_LOCKS; i++) {
e18e68b42830409bf48de0df9eed3fe363664aa7aaron        apr_thread_mutex_destroy(lock_cs[i]);
8464a9c46b967001e38fe3c8afff51a649e9de51dougm    }
8464a9c46b967001e38fe3c8afff51a649e9de51dougm
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm    return APR_SUCCESS;
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm}
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm
d94fd18ee21dc9b8c1f422144a881e941687d41fdougmvoid ssl_util_thread_setup(server_rec *s, apr_pool_t *p)
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm{
8464a9c46b967001e38fe3c8afff51a649e9de51dougm    int i, threaded_mpm;
e18e68b42830409bf48de0df9eed3fe363664aa7aaron    /* This variable is not used? -aaron
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm    SSLModConfigRec *mc = myModConfig(s);
e18e68b42830409bf48de0df9eed3fe363664aa7aaron    */
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm
8464a9c46b967001e38fe3c8afff51a649e9de51dougm    ap_mpm_query(AP_MPMQ_IS_THREADED, &threaded_mpm);
8464a9c46b967001e38fe3c8afff51a649e9de51dougm
8464a9c46b967001e38fe3c8afff51a649e9de51dougm    if (!threaded_mpm) {
8464a9c46b967001e38fe3c8afff51a649e9de51dougm        return;
8464a9c46b967001e38fe3c8afff51a649e9de51dougm    }
8464a9c46b967001e38fe3c8afff51a649e9de51dougm
e18e68b42830409bf48de0df9eed3fe363664aa7aaron    lock_cs = apr_palloc(p, CRYPTO_NUM_LOCKS * sizeof(apr_thread_mutex_t *));
8464a9c46b967001e38fe3c8afff51a649e9de51dougm
8464a9c46b967001e38fe3c8afff51a649e9de51dougm    /*
8464a9c46b967001e38fe3c8afff51a649e9de51dougm     * XXX: CRYPTO_NUM_LOCKS == 28
8464a9c46b967001e38fe3c8afff51a649e9de51dougm     * should determine if there are lock types we do not need
8464a9c46b967001e38fe3c8afff51a649e9de51dougm     * for example: debug_malloc, debug_malloc2 (see crypto/cryptlib.c)
8464a9c46b967001e38fe3c8afff51a649e9de51dougm     */
8464a9c46b967001e38fe3c8afff51a649e9de51dougm    for (i = 0; i < CRYPTO_NUM_LOCKS; i++) {
e18e68b42830409bf48de0df9eed3fe363664aa7aaron        lock_count[i] = 0;
e18e68b42830409bf48de0df9eed3fe363664aa7aaron        /* XXX: Can we remove the lock_count now that apr_thread_mutex_t
e18e68b42830409bf48de0df9eed3fe363664aa7aaron         * can support nested (aka recursive) locks? -aaron */
e18e68b42830409bf48de0df9eed3fe363664aa7aaron        apr_thread_mutex_create(&(lock_cs[i]), APR_THREAD_MUTEX_DEFAULT, p);
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm    }
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm
e62985c7a1b46a5036a247f35bddac1308985758dougm    CRYPTO_set_id_callback(ssl_util_thr_id);
9e530d1e49062250c345bfd45810e145b4f435eddougm
e62985c7a1b46a5036a247f35bddac1308985758dougm    CRYPTO_set_locking_callback(ssl_util_thr_lock);
8464a9c46b967001e38fe3c8afff51a649e9de51dougm
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm    apr_pool_cleanup_register(p, NULL,
8464a9c46b967001e38fe3c8afff51a649e9de51dougm                              ssl_util_thread_cleanup,
8464a9c46b967001e38fe3c8afff51a649e9de51dougm                              apr_pool_cleanup_null);
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm}
6a26d195dfba3a91f8352cabd4547afa77675bb1aaron#endif