modules/ssl/ssl_util.c

	ssl_util.c revision e8f95a682820a599fe41b22977010636be5c2717
08cb74ca432a8c24e39f17dedce527e6a47b8001jerenkrantz/* Copyright 2001-2005 The Apache Software Foundation or its licensors, as
08cb74ca432a8c24e39f17dedce527e6a47b8001jerenkrantz * applicable.
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse *
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * Licensed under the Apache License, Version 2.0 (the "License");
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * you may not use this file except in compliance with the License.
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * You may obtain a copy of the License at
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse *
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd *     http://www.apache.org/licenses/LICENSE-2.0
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse *
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * Unless required by applicable law or agreed to in writing, software
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * distributed under the License is distributed on an "AS IS" BASIS,
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * See the License for the specific language governing permissions and
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * limitations under the License.
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd */
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd/*                      _             _
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd *  _ __ ___   ___   __| |    ___ ___| |  mod_ssl
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * | | | | | | (_) | (_| |   \__ \__ \ |
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * |_| |_| |_|\___/ \__,_|___|___/___/_|
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd *                      |_____|
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd *  ssl_util.c
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd *  Utility Functions
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse */
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                             /* ``Every day of my life
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                                  I am forced to add another
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                                  name to the list of people
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                                  who piss me off!''
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                                            -- Calvin          */
e18e68b42830409bf48de0df9eed3fe363664aa7aaron
70535d6421eb979ac79d8f49d31cd94d75dd8b2fjorton#include "ssl_private.h"
8464a9c46b967001e38fe3c8afff51a649e9de51dougm#include "ap_mpm.h"
579fd9e90990eee18b5e504eb4c0d2ce18f76208aaron#include "apr_thread_mutex.h"
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse/*  _________________________________________________________________
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse**
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse**  Utility Functions
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse**  _________________________________________________________________
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse*/
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rsechar *ssl_util_vhostid(apr_pool_t *p, server_rec *s)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    char *id;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    SSLSrvConfigRec *sc;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    char *host;
05413593151a238718198cc04ca849b2426be106rse    apr_port_t port;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    host = s->server_hostname;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    if (s->port != 0)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        port = s->port;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    else {
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        sc = mySrvConfig(s);
434ad3e8e769a6a7a78c15f3ae2f7ae3adbfbb49wrowe        if (sc->enabled == TRUE)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            port = DEFAULT_HTTPS_PORT;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        else
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            port = DEFAULT_HTTP_PORT;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    }
05413593151a238718198cc04ca849b2426be106rse    id = apr_psprintf(p, "%s:%lu", host, (unsigned long)port);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    return id;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
87a1c79b7b37702a254920ca5214fb282a4fb085dougmapr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd,
87a1c79b7b37702a254920ca5214fb282a4fb085dougm                            const char * const *argv)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    apr_procattr_t *procattr;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    apr_proc_t *proc;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
e8f95a682820a599fe41b22977010636be5c2717jim    if (apr_procattr_create(&procattr, p) != APR_SUCCESS)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        return NULL;
e8f95a682820a599fe41b22977010636be5c2717jim    if (apr_procattr_io_set(procattr, APR_FULL_BLOCK, APR_FULL_BLOCK,
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse                            APR_FULL_BLOCK) != APR_SUCCESS)
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse        return NULL;
e8f95a682820a599fe41b22977010636be5c2717jim    if (apr_procattr_dir_set(procattr,
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse                             ap_make_dirstr_parent(p, cmd)) != APR_SUCCESS)
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse        return NULL;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    if (apr_procattr_cmdtype_set(procattr, APR_PROGRAM) != APR_SUCCESS)
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse        return NULL;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    if ((proc = (apr_proc_t *)apr_pcalloc(p, sizeof(apr_proc_t))) == NULL)
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse        return NULL;
87a1c79b7b37702a254920ca5214fb282a4fb085dougm    if (apr_proc_create(proc, cmd, argv, NULL, procattr, p) != APR_SUCCESS)
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse        return NULL;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    return proc->out;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rsevoid ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    apr_file_close(fp);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    return;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse/*
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse * Run a filter program and read the first line of its stdout output
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse */
87a1c79b7b37702a254920ca5214fb282a4fb085dougmchar *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd,
87a1c79b7b37702a254920ca5214fb282a4fb085dougm                          const char * const *argv)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    static char buf[MAX_STRING_LEN];
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    apr_file_t *fp;
87a1c79b7b37702a254920ca5214fb282a4fb085dougm    apr_size_t nbytes = 1;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    char c;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    int k;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
87a1c79b7b37702a254920ca5214fb282a4fb085dougm    if ((fp = ssl_util_ppopen(s, p, cmd, argv)) == NULL)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        return NULL;
87a1c79b7b37702a254920ca5214fb282a4fb085dougm    /* XXX: we are reading 1 byte at a time here */
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    for (k = 0; apr_file_read(fp, &c, &nbytes) == APR_SUCCESS
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse                && nbytes == 1 && (k < MAX_STRING_LEN-1)     ; ) {
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        if (c == '\n' || c == '\r')
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            break;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        buf[k++] = c;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    }
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    buf[k] = NUL;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    ssl_util_ppclose(s, p, fp);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    return buf;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
03181bdde77be8e10ed297a02db5d8f98ecb703ewroweBOOL ssl_util_path_check(ssl_pathcheck_t pcm, const char *path, apr_pool_t *p)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    apr_finfo_t finfo;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    if (path == NULL)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        return FALSE;
e8f95a682820a599fe41b22977010636be5c2717jim    if (pcm & SSL_PCM_EXISTS && apr_stat(&finfo, path,
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse                                APR_FINFO_TYPE|APR_FINFO_SIZE, p) != 0)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        return FALSE;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    if (pcm & SSL_PCM_ISREG && finfo.filetype != APR_REG)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        return FALSE;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    if (pcm & SSL_PCM_ISDIR && finfo.filetype != APR_DIR)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        return FALSE;
bb0b94431dc9a1591a0a38a6c48925c6d9213c83rse    if (pcm & SSL_PCM_ISNONZERO && finfo.size <= 0)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        return FALSE;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    return TRUE;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
e8f95a682820a599fe41b22977010636be5c2717jimssl_algo_t ssl_util_algotypeof(X509 *pCert, EVP_PKEY *pKey)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    ssl_algo_t t;
14099c5540ce39114b5501a71ff96e40f48efc4bmartin    EVP_PKEY *pFreeKey = NULL;
e8f95a682820a599fe41b22977010636be5c2717jim
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    t = SSL_ALGO_UNKNOWN;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    if (pCert != NULL)
14099c5540ce39114b5501a71ff96e40f48efc4bmartin        pFreeKey = pKey = X509_get_pubkey(pCert);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    if (pKey != NULL) {
7f683bb300df767164724ebc664f339ac396b434dougm        switch (EVP_PKEY_key_type(pKey)) {
e8f95a682820a599fe41b22977010636be5c2717jim            case EVP_PKEY_RSA:
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                t = SSL_ALGO_RSA;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                break;
e8f95a682820a599fe41b22977010636be5c2717jim            case EVP_PKEY_DSA:
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                t = SSL_ALGO_DSA;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                break;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            default:
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse                break;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        }
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    }
14099c5540ce39114b5501a71ff96e40f48efc4bmartin#ifdef OPENSSL_VERSION_NUMBER
14099c5540ce39114b5501a71ff96e40f48efc4bmartin    /* Only refcounted in OpenSSL */
14099c5540ce39114b5501a71ff96e40f48efc4bmartin    if (pFreeKey != NULL)
14099c5540ce39114b5501a71ff96e40f48efc4bmartin        EVP_PKEY_free(pFreeKey);
14099c5540ce39114b5501a71ff96e40f48efc4bmartin#endif
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    return t;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
e8f95a682820a599fe41b22977010636be5c2717jimchar *ssl_util_algotypestr(ssl_algo_t t)
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse{
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    char *cp;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    cp = "UNKNOWN";
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    switch (t) {
e8f95a682820a599fe41b22977010636be5c2717jim        case SSL_ALGO_RSA:
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            cp = "RSA";
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            break;
e8f95a682820a599fe41b22977010636be5c2717jim        case SSL_ALGO_DSA:
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            cp = "DSA";
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            break;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse        default:
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse            break;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    }
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse    return cp;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse}
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
a0e0d20b666cfc453ac76506079eb50e03997eefdougm/*
a0e0d20b666cfc453ac76506079eb50e03997eefdougm * certain key and cert data needs to survive restarts,
a0e0d20b666cfc453ac76506079eb50e03997eefdougm * which are stored in the user data table of s->process->pool.
a0e0d20b666cfc453ac76506079eb50e03997eefdougm * to prevent "leaking" of this data, we use malloc/free
a0e0d20b666cfc453ac76506079eb50e03997eefdougm * rather than apr_palloc and these wrappers to help make sure
a0e0d20b666cfc453ac76506079eb50e03997eefdougm * we do not leak the malloc-ed data.
a0e0d20b666cfc453ac76506079eb50e03997eefdougm */
a0e0d20b666cfc453ac76506079eb50e03997eefdougmunsigned char *ssl_asn1_table_set(apr_hash_t *table,
a0e0d20b666cfc453ac76506079eb50e03997eefdougm                                  const char *key,
a0e0d20b666cfc453ac76506079eb50e03997eefdougm                                  long int length)
a0e0d20b666cfc453ac76506079eb50e03997eefdougm{
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    apr_ssize_t klen = strlen(key);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    ssl_asn1_t *asn1 = apr_hash_get(table, key, klen);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    /*
a0e0d20b666cfc453ac76506079eb50e03997eefdougm     * if a value for this key already exists,
a0e0d20b666cfc453ac76506079eb50e03997eefdougm     * reuse as much of the already malloc-ed data
a0e0d20b666cfc453ac76506079eb50e03997eefdougm     * as possible.
a0e0d20b666cfc453ac76506079eb50e03997eefdougm     */
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    if (asn1) {
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        if (asn1->nData != length) {
a0e0d20b666cfc453ac76506079eb50e03997eefdougm            free(asn1->cpData); /* XXX: realloc? */
a0e0d20b666cfc453ac76506079eb50e03997eefdougm            asn1->cpData = NULL;
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        }
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    }
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    else {
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        asn1 = malloc(sizeof(*asn1));
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        asn1->source_mtime = 0; /* used as a note for encrypted private keys */
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        asn1->cpData = NULL;
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    }
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    asn1->nData = length;
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    if (!asn1->cpData) {
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        asn1->cpData = malloc(length);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    }
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    apr_hash_set(table, key, klen, asn1);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    return asn1->cpData; /* caller will assign a value to this */
a0e0d20b666cfc453ac76506079eb50e03997eefdougm}
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougmssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
a0e0d20b666cfc453ac76506079eb50e03997eefdougm                               const char *key)
a0e0d20b666cfc453ac76506079eb50e03997eefdougm{
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    return (ssl_asn1_t *)apr_hash_get(table, key, APR_HASH_KEY_STRING);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm}
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougmvoid ssl_asn1_table_unset(apr_hash_t *table,
a0e0d20b666cfc453ac76506079eb50e03997eefdougm                          const char *key)
a0e0d20b666cfc453ac76506079eb50e03997eefdougm{
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    apr_ssize_t klen = strlen(key);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    ssl_asn1_t *asn1 = apr_hash_get(table, key, klen);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    if (!asn1) {
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        return;
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    }
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    if (asn1->cpData) {
a0e0d20b666cfc453ac76506079eb50e03997eefdougm        free(asn1->cpData);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    }
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    free(asn1);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
a0e0d20b666cfc453ac76506079eb50e03997eefdougm    apr_hash_set(table, key, klen, NULL);
a0e0d20b666cfc453ac76506079eb50e03997eefdougm}
a0e0d20b666cfc453ac76506079eb50e03997eefdougm
22357f10585a847ebf7b084cbe1db07ba071aeb6dougmstatic const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm
dd7c683f683624b082d430935b594df7406782c2dougmconst char *ssl_asn1_keystr(int keytype)
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm{
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm    if (keytype >= SSL_AIDX_MAX) {
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm        return NULL;
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm    }
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm
dd7c683f683624b082d430935b594df7406782c2dougm    return ssl_asn1_key_types[keytype];
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm}
22357f10585a847ebf7b084cbe1db07ba071aeb6dougm
dd7c683f683624b082d430935b594df7406782c2dougmconst char *ssl_asn1_table_keyfmt(apr_pool_t *p,
dd7c683f683624b082d430935b594df7406782c2dougm                                  const char *id,
dd7c683f683624b082d430935b594df7406782c2dougm                                  int keytype)
dd7c683f683624b082d430935b594df7406782c2dougm{
dd7c683f683624b082d430935b594df7406782c2dougm    const char *keystr = ssl_asn1_keystr(keytype);
dd7c683f683624b082d430935b594df7406782c2dougm
dd7c683f683624b082d430935b594df7406782c2dougm    return apr_pstrcat(p, id, ":", keystr, NULL);
dd7c683f683624b082d430935b594df7406782c2dougm}
dd7c683f683624b082d430935b594df7406782c2dougm
dd7c683f683624b082d430935b594df7406782c2dougm
6a26d195dfba3a91f8352cabd4547afa77675bb1aaron#if APR_HAS_THREADS
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm/*
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm * To ensure thread-safetyness in OpenSSL - work in progress
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm */
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm
e18e68b42830409bf48de0df9eed3fe363664aa7aaronstatic apr_thread_mutex_t **lock_cs;
3c65aa88903de7330a07e133dfda779842fadad4wrowestatic int                  lock_num_locks;
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm
a1696119fa668c01957eea97a616fcbe95da9492wrowe#ifdef HAVE_SSLC
b40799adcfd0f0a2a465c2934585986f7bbc9bbcwrowe#if SSLC_VERSION_NUMBER >= 0x2000
b40799adcfd0f0a2a465c2934585986f7bbc9bbcwrowestatic int ssl_util_thr_lock(int mode, int type,
6b441532f6ac4ebd1c4867ab5f8a0165247b178ewrowe                             char *file, int line)
b40799adcfd0f0a2a465c2934585986f7bbc9bbcwrowe#else
b40799adcfd0f0a2a465c2934585986f7bbc9bbcwrowestatic void ssl_util_thr_lock(int mode, int type,
6b441532f6ac4ebd1c4867ab5f8a0165247b178ewrowe                              char *file, int line)
b40799adcfd0f0a2a465c2934585986f7bbc9bbcwrowe#endif
b40799adcfd0f0a2a465c2934585986f7bbc9bbcwrowe#else
d54a31567fc49f1841d27a14796ae726016c54aadougmstatic void ssl_util_thr_lock(int mode, int type,
3c65aa88903de7330a07e133dfda779842fadad4wrowe                              const char *file, int line)
b40799adcfd0f0a2a465c2934585986f7bbc9bbcwrowe#endif
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm{
3c65aa88903de7330a07e133dfda779842fadad4wrowe    if (type < lock_num_locks) {
3c65aa88903de7330a07e133dfda779842fadad4wrowe        if (mode & CRYPTO_LOCK) {
3c65aa88903de7330a07e133dfda779842fadad4wrowe            apr_thread_mutex_lock(lock_cs[type]);
3c65aa88903de7330a07e133dfda779842fadad4wrowe        }
3c65aa88903de7330a07e133dfda779842fadad4wrowe        else {
3c65aa88903de7330a07e133dfda779842fadad4wrowe            apr_thread_mutex_unlock(lock_cs[type]);
3c65aa88903de7330a07e133dfda779842fadad4wrowe        }
b40799adcfd0f0a2a465c2934585986f7bbc9bbcwrowe#ifdef HAVE_SSLC
a1696119fa668c01957eea97a616fcbe95da9492wrowe#if SSLC_VERSION_NUMBER >= 0x2000
b40799adcfd0f0a2a465c2934585986f7bbc9bbcwrowe        return 1;
b40799adcfd0f0a2a465c2934585986f7bbc9bbcwrowe    }
b40799adcfd0f0a2a465c2934585986f7bbc9bbcwrowe    else {
b40799adcfd0f0a2a465c2934585986f7bbc9bbcwrowe        return -1;
b40799adcfd0f0a2a465c2934585986f7bbc9bbcwrowe#endif
b40799adcfd0f0a2a465c2934585986f7bbc9bbcwrowe#endif
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm    }
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm}
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm
dd9940ba9b4d9c09f034b910d1569db4a5111c75dougmstatic unsigned long ssl_util_thr_id(void)
e62985c7a1b46a5036a247f35bddac1308985758dougm{
e8f95a682820a599fe41b22977010636be5c2717jim    /* OpenSSL needs this to return an unsigned long.  On OS/390, the pthread
e8f95a682820a599fe41b22977010636be5c2717jim     * id is a structure twice that big.  Use the TCB pointer instead as a
98f81eac9530d487f05013cda9df99755bb59689trawick     * unique unsigned long.
98f81eac9530d487f05013cda9df99755bb59689trawick     */
98f81eac9530d487f05013cda9df99755bb59689trawick#ifdef __MVS__
98f81eac9530d487f05013cda9df99755bb59689trawick    struct PSA {
98f81eac9530d487f05013cda9df99755bb59689trawick        char unmapped[540];
98f81eac9530d487f05013cda9df99755bb59689trawick        unsigned long PSATOLD;
98f81eac9530d487f05013cda9df99755bb59689trawick    } *psaptr = 0;
98f81eac9530d487f05013cda9df99755bb59689trawick
98f81eac9530d487f05013cda9df99755bb59689trawick    return psaptr->PSATOLD;
98f81eac9530d487f05013cda9df99755bb59689trawick#else
e62985c7a1b46a5036a247f35bddac1308985758dougm    return (unsigned long) apr_os_thread_current();
98f81eac9530d487f05013cda9df99755bb59689trawick#endif
e62985c7a1b46a5036a247f35bddac1308985758dougm}
e62985c7a1b46a5036a247f35bddac1308985758dougm
8464a9c46b967001e38fe3c8afff51a649e9de51dougmstatic apr_status_t ssl_util_thread_cleanup(void *data)
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm{
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm    CRYPTO_set_locking_callback(NULL);
462f3213ebe7eb2a3527530497d0428e2298a034jorton    CRYPTO_set_id_callback(NULL);
8464a9c46b967001e38fe3c8afff51a649e9de51dougm
e8f95a682820a599fe41b22977010636be5c2717jim    /* Let the registered mutex cleanups do their own thing
3c65aa88903de7330a07e133dfda779842fadad4wrowe     */
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm    return APR_SUCCESS;
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm}
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm
3c65aa88903de7330a07e133dfda779842fadad4wrowevoid ssl_util_thread_setup(apr_pool_t *p)
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm{
3c65aa88903de7330a07e133dfda779842fadad4wrowe    int i;
8464a9c46b967001e38fe3c8afff51a649e9de51dougm
3c65aa88903de7330a07e133dfda779842fadad4wrowe    lock_num_locks = CRYPTO_num_locks();
3c65aa88903de7330a07e133dfda779842fadad4wrowe    lock_cs = apr_palloc(p, lock_num_locks * sizeof(*lock_cs));
8464a9c46b967001e38fe3c8afff51a649e9de51dougm
3c65aa88903de7330a07e133dfda779842fadad4wrowe    for (i = 0; i < lock_num_locks; i++) {
e18e68b42830409bf48de0df9eed3fe363664aa7aaron        apr_thread_mutex_create(&(lock_cs[i]), APR_THREAD_MUTEX_DEFAULT, p);
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm    }
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm
e62985c7a1b46a5036a247f35bddac1308985758dougm    CRYPTO_set_id_callback(ssl_util_thr_id);
9e530d1e49062250c345bfd45810e145b4f435eddougm
e62985c7a1b46a5036a247f35bddac1308985758dougm    CRYPTO_set_locking_callback(ssl_util_thr_lock);
8464a9c46b967001e38fe3c8afff51a649e9de51dougm
3c65aa88903de7330a07e133dfda779842fadad4wrowe    apr_pool_cleanup_register(p, NULL, ssl_util_thread_cleanup,
3c65aa88903de7330a07e133dfda779842fadad4wrowe                                       apr_pool_cleanup_null);
d94fd18ee21dc9b8c1f422144a881e941687d41fdougm}
6a26d195dfba3a91f8352cabd4547afa77675bb1aaron#endif