/* Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.
*/
/* _ _ * _ __ ___ ___ __| | ___ ___| | mod_ssl * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL * | | | | | | (_) | (_| | \__ \__ \ | * |_| |_| |_|\___/ \__,_|___|___/___/_| * |_____| * ssl_util.c * Utility Functions
*/ /* ``Every day of my life I am forced to add another name to the list of people who piss me off!''
-- Calvin */
/* * Return TRUE iff the given servername matches the server record when * selecting virtual hosts.
*/ BOOL ssl_util_vhost_matches(constchar *servername, server_rec *s)
{
apr_array_header_t *names; int i;
/* check ServerName */ if (!strcasecmp(servername, s->server_hostname)) { returnTRUE;
}
/* * if not matched yet, check ServerAlias entries * (adapted from vhost.c:matches_aliases())
*/
names = s->names; if (names) { char **name = (char **)names->elts; for (i = 0; i < names->nelts; ++i) { if (!name[i]) continue; if (!strcasecmp(servername, name[i])) { returnTRUE;
}
}
}
/* if still no match, check ServerAlias entries with wildcards */
names = s->wild_names; if (names) { char **name = (char **)names->elts; for (i = 0; i < names->nelts; ++i) { if (!name[i]) continue; if (!ap_strcasecmp_match(servername, name[i])) { returnTRUE;
}
}
}
/* * Run a filter program and read the first line of its stdout output
*/ char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, constchar *cmd, constchar * const *argv)
{ staticchar buf[MAX_STRING_LEN];
apr_file_t *fp;
apr_size_t nbytes = 1; char c; int k;
if ((fp = ssl_util_ppopen(s, p, cmd, argv)) == NULL) return NULL; /* XXX: we are reading 1 byte at a time here */ for (k = 0; apr_file_read(fp, &c, &nbytes) == APR_SUCCESS
&& nbytes == 1 && (k < MAX_STRING_LEN-1) ; ) { if (c == '\n' || c == '\r') break;
buf[k++] = c;
}
buf[k] = NUL;
ssl_util_ppclose(s, p, fp);
/* Decrypted private keys are cached to survive restarts. The cached * data must have lifetime of the process (hence malloc/free rather * than pools), and uses raw DER since the EVP_PKEY structure
* internals may not survive across a module reload. */
ssl_asn1_t *ssl_asn1_table_set(apr_hash_t *table, constchar *key,
EVP_PKEY *pkey)
{
apr_ssize_t klen = strlen(key);
ssl_asn1_t *asn1 = apr_hash_get(table, key, klen);
apr_size_t length = i2d_PrivateKey(pkey, NULL); unsignedchar *p;
/* Re-use structure if cached previously. */ if (asn1) { if (asn1->nData != length) {
asn1->cpData = ap_realloc(asn1->cpData, length);
}
} else {
asn1 = ap_malloc(sizeof(*asn1));
asn1->source_mtime = 0; /* used as a note for encrypted private keys */
asn1->cpData = ap_malloc(length);
apr_hash_set(table, key, klen, asn1);
}
asn1->nData = length;
p = asn1->cpData;
i2d_PrivateKey(pkey, &p); /* increases p by length */
/* * We need a pool to allocate our mutex. Since we can't clear * allocated memory from a pool, create a subpool that we can blow * away in the destruction callback.
*/
apr_pool_create(&p, dynlockpool);
apr_pool_tag(p, "modssl_dynlock_value");
ap_log_perror(file, line, APLOG_MODULE_INDEX, APLOG_TRACE1, 0, p, "Creating dynamic lock");
value = apr_palloc(p, sizeof(struct CRYPTO_dynlock_value));
value->pool = p; /* Keep our own copy of the place from which we were created,
using our own pool. */
value->file = apr_pstrdup(p, file);
value->line = line;
rv = apr_thread_mutex_create(&(value->mutex), APR_THREAD_MUTEX_DEFAULT,
p); if (rv != APR_SUCCESS) {
ap_log_perror(file, line, APLOG_MODULE_INDEX, APLOG_ERR, rv, p, APLOGNO(02186) "Failed to create thread mutex for dynamic lock");
apr_pool_destroy(p); return NULL;
} return value;
}
/* Trust that whomever owned the CRYPTO_dynlock_value we were * passed has no future use for it...
*/
apr_pool_destroy(l->pool);
}
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
staticvoid ssl_util_thr_id(CRYPTO_THREADID *id)
{ /* OpenSSL needs this to return an unsigned long. On OS/390, the pthread * id is a structure twice that big. Use the TCB pointer instead as a * unique unsigned long.
*/ #ifdef __MVS__ struct PSA { char unmapped[540]; /* PSATOLD is at offset 540 in the PSA */ unsignedlong PSATOLD;
} *psaptr = 0; /* PSA is at address 0 */
staticunsignedlong ssl_util_thr_id(void)
{ /* OpenSSL needs this to return an unsigned long. On OS/390, the pthread * id is a structure twice that big. Use the TCB pointer instead as a * unique unsigned long.
*/ #ifdef __MVS__ struct PSA { char unmapped[540]; unsignedlong PSATOLD;
} *psaptr = 0;
for (i = 0; i < lock_num_locks; i++) {
apr_thread_mutex_create(&(lock_cs[i]), APR_THREAD_MUTEX_DEFAULT, p);
}
CRYPTO_set_locking_callback(ssl_util_thr_lock);
/* Set up dynamic locking scaffolding for OpenSSL to use at its * convenience.
*/
dynlockpool = p;
CRYPTO_set_dynlock_create_callback(ssl_dyn_create_function);
CRYPTO_set_dynlock_lock_callback(ssl_dyn_lock_function);
CRYPTO_set_dynlock_destroy_callback(ssl_dyn_destroy_function);
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
