mirror of
https://github.com/apache/httpd.git
synced 2025-08-10 02:56:11 +00:00
674752a723
Throw away the myCtxVar{Set,Get} abomination and introduce
a pphrase_cb_arg_t struct instead, for passing stuff between
ssl_pphrase_Handle and ssl_pphrase_Handle_CB. Prefer struct
members instead of using additional local variables, to make
the data flow more transparent. (Doesn't "vastly simplify"
the code yet, but hopefully we'll get there when further
stripping down ssl_pphrase_Handle.)
Remove the hardcoded algorithm-type dependency for the SSLCertificateFile
and SSLCertificateKeyFile directives, and deprecate SSLCertificateChainFile
Splitting the patch into smaller pieces turned out to be infeasible,
unfortunately, due to the heavily intertwined code in ssl_engine_config.c,
ssl_engine_init.c and ssl_engine_pphrase.c, which all depends on the
modssl_pk_server_t data structure. For better comprehensibility,
a detailed listing of the changes follows:
ssl_private.h
- drop the X509 certs and EVP_PKEY keys arrays from modssl_pk_server_t
- use apr_array_header_t for cert_files and key_files
- drop tPublicCert from SSLModConfigRec
- drop the ssl_algo_t struct and the SSL_ALGO_* and SSL_AIDX_* constants
ssl_engine_config.c
- change to apr_array_header_t for SSLCertificate[Key]File
- drop ssl_cmd_check_aidx_max, i.e. allow an arbitrary number of certs
and keys (in theory; currently OpenSSL does not support more than
one cert/key per algorithm type)
- add deprecation warning for SSLCertificateChainFile
ssl_engine_init.c
- configure server certs/keys in ssl_init_server_certs (no longer via
ssl_pphrase_Handle in ssl_init_Module)
- in ssl_init_server_certs, read in certificates and keys with standard
OpenSSL API functions (SSL_CTX_use_*_file), and only fall back to
ssl_load_encrypted_pkey when encountering an encrypted private key
- drop ssl_server_import_cert, ssl_server_import_key, ssl_init_server_check,
and ssl_init_ctx_cleanup_server
- move the "problematic re-initialization" check to ssl_init_server_ctx
ssl_engine_pphrase.c
- use servername:port:index as the key identifier, instead of the
previously used servername:port:algorithm
- ssl_pphrase_Handle overhaul: remove all cert/public-key handling,
make it only load a single (encrypted) private key, and rename
to ssl_load_encrypted_pkey
- in the passphrase prompt message, show the private key file name
instead of the vhost id and the algorithm name
- do no longer supply the algorithm name as an argument to "exec"-type
passphrase prompting programs
ssl_util.c
- drop ssl_util_algotypeof, ssl_util_algotypestr, ssl_asn1_keystr,
and ssl_asn1_table_keyfmt
ssl_util_ssl.{c,h}
- drop SSL_read_X509
- constify the filename arg for SSL_read_PrivateKey
CodeWarrior compiler doesnt allow vars as struct inits.
Remove per-certificate chain handling code (obsoleted by
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b9fa413a08d436d6b522749b5e808fcd931fd943)
make the ppcb_arg initialization a bit more uniform and easier to read
Followup fix for r1553824:
also pass the file name to ssl_load_encrypted_pkey, to make sure that we
retry with the same filename we used for SSL_CTX_use_PrivateKey_file first
With OpenSSL 1.0.2 or later, enable OCSP stapling in a loop based on
SSL_CTX_set_current_cert(), near the end of ssl_init_server_ctx.
update APLOGNO for r1564760
Submitted by: kbrand, fuankg, kbrand, kbrand, kbrand, kbrand, kbrand
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573360 13f79535-47bb-0310-9956-ffa450edef68
380 lines
11 KiB
C
380 lines
11 KiB
C
/* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
* contributor license agreements. See the NOTICE file distributed with
|
|
* this work for additional information regarding copyright ownership.
|
|
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
* (the "License"); you may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
/* _ _
|
|
* _ __ ___ ___ __| | ___ ___| | mod_ssl
|
|
* | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
|
|
* | | | | | | (_) | (_| | \__ \__ \ |
|
|
* |_| |_| |_|\___/ \__,_|___|___/___/_|
|
|
* |_____|
|
|
* ssl_util.c
|
|
* Utility Functions
|
|
*/
|
|
/* ``Every day of my life
|
|
I am forced to add another
|
|
name to the list of people
|
|
who piss me off!''
|
|
-- Calvin */
|
|
|
|
#include "ssl_private.h"
|
|
#include "ap_mpm.h"
|
|
#include "apr_thread_mutex.h"
|
|
|
|
/* _________________________________________________________________
|
|
**
|
|
** Utility Functions
|
|
** _________________________________________________________________
|
|
*/
|
|
|
|
char *ssl_util_vhostid(apr_pool_t *p, server_rec *s)
|
|
{
|
|
char *id;
|
|
SSLSrvConfigRec *sc;
|
|
char *host;
|
|
apr_port_t port;
|
|
|
|
host = s->server_hostname;
|
|
if (s->port != 0)
|
|
port = s->port;
|
|
else {
|
|
sc = mySrvConfig(s);
|
|
if (sc->enabled == TRUE)
|
|
port = DEFAULT_HTTPS_PORT;
|
|
else
|
|
port = DEFAULT_HTTP_PORT;
|
|
}
|
|
id = apr_psprintf(p, "%s:%lu", host, (unsigned long)port);
|
|
return id;
|
|
}
|
|
|
|
apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd,
|
|
const char * const *argv)
|
|
{
|
|
apr_procattr_t *procattr;
|
|
apr_proc_t *proc;
|
|
|
|
if (apr_procattr_create(&procattr, p) != APR_SUCCESS)
|
|
return NULL;
|
|
if (apr_procattr_io_set(procattr, APR_FULL_BLOCK, APR_FULL_BLOCK,
|
|
APR_FULL_BLOCK) != APR_SUCCESS)
|
|
return NULL;
|
|
if (apr_procattr_dir_set(procattr,
|
|
ap_make_dirstr_parent(p, cmd)) != APR_SUCCESS)
|
|
return NULL;
|
|
if (apr_procattr_cmdtype_set(procattr, APR_PROGRAM) != APR_SUCCESS)
|
|
return NULL;
|
|
proc = apr_pcalloc(p, sizeof(apr_proc_t));
|
|
if (apr_proc_create(proc, cmd, argv, NULL, procattr, p) != APR_SUCCESS)
|
|
return NULL;
|
|
return proc->out;
|
|
}
|
|
|
|
void ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp)
|
|
{
|
|
apr_file_close(fp);
|
|
return;
|
|
}
|
|
|
|
/*
|
|
* Run a filter program and read the first line of its stdout output
|
|
*/
|
|
char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd,
|
|
const char * const *argv)
|
|
{
|
|
static char buf[MAX_STRING_LEN];
|
|
apr_file_t *fp;
|
|
apr_size_t nbytes = 1;
|
|
char c;
|
|
int k;
|
|
|
|
if ((fp = ssl_util_ppopen(s, p, cmd, argv)) == NULL)
|
|
return NULL;
|
|
/* XXX: we are reading 1 byte at a time here */
|
|
for (k = 0; apr_file_read(fp, &c, &nbytes) == APR_SUCCESS
|
|
&& nbytes == 1 && (k < MAX_STRING_LEN-1) ; ) {
|
|
if (c == '\n' || c == '\r')
|
|
break;
|
|
buf[k++] = c;
|
|
}
|
|
buf[k] = NUL;
|
|
ssl_util_ppclose(s, p, fp);
|
|
|
|
return buf;
|
|
}
|
|
|
|
BOOL ssl_util_path_check(ssl_pathcheck_t pcm, const char *path, apr_pool_t *p)
|
|
{
|
|
apr_finfo_t finfo;
|
|
|
|
if (path == NULL)
|
|
return FALSE;
|
|
if (pcm & SSL_PCM_EXISTS && apr_stat(&finfo, path,
|
|
APR_FINFO_TYPE|APR_FINFO_SIZE, p) != 0)
|
|
return FALSE;
|
|
AP_DEBUG_ASSERT((pcm & SSL_PCM_EXISTS) ||
|
|
!(pcm & (SSL_PCM_ISREG|SSL_PCM_ISDIR|SSL_PCM_ISNONZERO)));
|
|
if (pcm & SSL_PCM_ISREG && finfo.filetype != APR_REG)
|
|
return FALSE;
|
|
if (pcm & SSL_PCM_ISDIR && finfo.filetype != APR_DIR)
|
|
return FALSE;
|
|
if (pcm & SSL_PCM_ISNONZERO && finfo.size <= 0)
|
|
return FALSE;
|
|
return TRUE;
|
|
}
|
|
|
|
/*
|
|
* certain key data needs to survive restarts,
|
|
* which are stored in the user data table of s->process->pool.
|
|
* to prevent "leaking" of this data, we use malloc/free
|
|
* rather than apr_palloc and these wrappers to help make sure
|
|
* we do not leak the malloc-ed data.
|
|
*/
|
|
unsigned char *ssl_asn1_table_set(apr_hash_t *table,
|
|
const char *key,
|
|
long int length)
|
|
{
|
|
apr_ssize_t klen = strlen(key);
|
|
ssl_asn1_t *asn1 = apr_hash_get(table, key, klen);
|
|
|
|
/*
|
|
* if a value for this key already exists,
|
|
* reuse as much of the already malloc-ed data
|
|
* as possible.
|
|
*/
|
|
if (asn1) {
|
|
if (asn1->nData != length) {
|
|
free(asn1->cpData); /* XXX: realloc? */
|
|
asn1->cpData = NULL;
|
|
}
|
|
}
|
|
else {
|
|
asn1 = ap_malloc(sizeof(*asn1));
|
|
asn1->source_mtime = 0; /* used as a note for encrypted private keys */
|
|
asn1->cpData = NULL;
|
|
}
|
|
|
|
asn1->nData = length;
|
|
if (!asn1->cpData) {
|
|
asn1->cpData = ap_malloc(length);
|
|
}
|
|
|
|
apr_hash_set(table, key, klen, asn1);
|
|
|
|
return asn1->cpData; /* caller will assign a value to this */
|
|
}
|
|
|
|
ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
|
|
const char *key)
|
|
{
|
|
return (ssl_asn1_t *)apr_hash_get(table, key, APR_HASH_KEY_STRING);
|
|
}
|
|
|
|
void ssl_asn1_table_unset(apr_hash_t *table,
|
|
const char *key)
|
|
{
|
|
apr_ssize_t klen = strlen(key);
|
|
ssl_asn1_t *asn1 = apr_hash_get(table, key, klen);
|
|
|
|
if (!asn1) {
|
|
return;
|
|
}
|
|
|
|
if (asn1->cpData) {
|
|
free(asn1->cpData);
|
|
}
|
|
free(asn1);
|
|
|
|
apr_hash_set(table, key, klen, NULL);
|
|
}
|
|
|
|
#if APR_HAS_THREADS
|
|
/*
|
|
* To ensure thread-safetyness in OpenSSL - work in progress
|
|
*/
|
|
|
|
static apr_thread_mutex_t **lock_cs;
|
|
static int lock_num_locks;
|
|
|
|
static void ssl_util_thr_lock(int mode, int type,
|
|
const char *file, int line)
|
|
{
|
|
if (type < lock_num_locks) {
|
|
if (mode & CRYPTO_LOCK) {
|
|
apr_thread_mutex_lock(lock_cs[type]);
|
|
}
|
|
else {
|
|
apr_thread_mutex_unlock(lock_cs[type]);
|
|
}
|
|
}
|
|
}
|
|
|
|
/* Dynamic lock structure */
|
|
struct CRYPTO_dynlock_value {
|
|
apr_pool_t *pool;
|
|
const char* file;
|
|
int line;
|
|
apr_thread_mutex_t *mutex;
|
|
};
|
|
|
|
/* Global reference to the pool passed into ssl_util_thread_setup() */
|
|
apr_pool_t *dynlockpool = NULL;
|
|
|
|
/*
|
|
* Dynamic lock creation callback
|
|
*/
|
|
static struct CRYPTO_dynlock_value *ssl_dyn_create_function(const char *file,
|
|
int line)
|
|
{
|
|
struct CRYPTO_dynlock_value *value;
|
|
apr_pool_t *p;
|
|
apr_status_t rv;
|
|
|
|
/*
|
|
* We need a pool to allocate our mutex. Since we can't clear
|
|
* allocated memory from a pool, create a subpool that we can blow
|
|
* away in the destruction callback.
|
|
*/
|
|
apr_pool_create(&p, dynlockpool);
|
|
ap_log_perror(file, line, APLOG_MODULE_INDEX, APLOG_TRACE1, 0, p,
|
|
"Creating dynamic lock");
|
|
|
|
value = apr_palloc(p, sizeof(struct CRYPTO_dynlock_value));
|
|
value->pool = p;
|
|
/* Keep our own copy of the place from which we were created,
|
|
using our own pool. */
|
|
value->file = apr_pstrdup(p, file);
|
|
value->line = line;
|
|
rv = apr_thread_mutex_create(&(value->mutex), APR_THREAD_MUTEX_DEFAULT,
|
|
p);
|
|
if (rv != APR_SUCCESS) {
|
|
ap_log_perror(file, line, APLOG_MODULE_INDEX, APLOG_ERR, rv, p, APLOGNO(02186)
|
|
"Failed to create thread mutex for dynamic lock");
|
|
apr_pool_destroy(p);
|
|
return NULL;
|
|
}
|
|
return value;
|
|
}
|
|
|
|
/*
|
|
* Dynamic locking and unlocking function
|
|
*/
|
|
|
|
static void ssl_dyn_lock_function(int mode, struct CRYPTO_dynlock_value *l,
|
|
const char *file, int line)
|
|
{
|
|
apr_status_t rv;
|
|
|
|
if (mode & CRYPTO_LOCK) {
|
|
ap_log_perror(file, line, APLOG_MODULE_INDEX, APLOG_TRACE3, 0, l->pool,
|
|
"Acquiring mutex %s:%d", l->file, l->line);
|
|
rv = apr_thread_mutex_lock(l->mutex);
|
|
ap_log_perror(file, line, APLOG_MODULE_INDEX, APLOG_TRACE3, rv, l->pool,
|
|
"Mutex %s:%d acquired!", l->file, l->line);
|
|
}
|
|
else {
|
|
ap_log_perror(file, line, APLOG_MODULE_INDEX, APLOG_TRACE3, 0, l->pool,
|
|
"Releasing mutex %s:%d", l->file, l->line);
|
|
rv = apr_thread_mutex_unlock(l->mutex);
|
|
ap_log_perror(file, line, APLOG_MODULE_INDEX, APLOG_TRACE3, rv, l->pool,
|
|
"Mutex %s:%d released!", l->file, l->line);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Dynamic lock destruction callback
|
|
*/
|
|
static void ssl_dyn_destroy_function(struct CRYPTO_dynlock_value *l,
|
|
const char *file, int line)
|
|
{
|
|
apr_status_t rv;
|
|
|
|
ap_log_perror(file, line, APLOG_MODULE_INDEX, APLOG_TRACE1, 0, l->pool,
|
|
"Destroying dynamic lock %s:%d", l->file, l->line);
|
|
rv = apr_thread_mutex_destroy(l->mutex);
|
|
if (rv != APR_SUCCESS) {
|
|
ap_log_perror(file, line, APLOG_MODULE_INDEX, APLOG_ERR, rv, l->pool,
|
|
APLOGNO(02192) "Failed to destroy mutex for dynamic "
|
|
"lock %s:%d", l->file, l->line);
|
|
}
|
|
|
|
/* Trust that whomever owned the CRYPTO_dynlock_value we were
|
|
* passed has no future use for it...
|
|
*/
|
|
apr_pool_destroy(l->pool);
|
|
}
|
|
|
|
static unsigned long ssl_util_thr_id(void)
|
|
{
|
|
/* OpenSSL needs this to return an unsigned long. On OS/390, the pthread
|
|
* id is a structure twice that big. Use the TCB pointer instead as a
|
|
* unique unsigned long.
|
|
*/
|
|
#ifdef __MVS__
|
|
struct PSA {
|
|
char unmapped[540];
|
|
unsigned long PSATOLD;
|
|
} *psaptr = 0;
|
|
|
|
return psaptr->PSATOLD;
|
|
#else
|
|
return (unsigned long) apr_os_thread_current();
|
|
#endif
|
|
}
|
|
|
|
static apr_status_t ssl_util_thread_cleanup(void *data)
|
|
{
|
|
CRYPTO_set_locking_callback(NULL);
|
|
CRYPTO_set_id_callback(NULL);
|
|
|
|
CRYPTO_set_dynlock_create_callback(NULL);
|
|
CRYPTO_set_dynlock_lock_callback(NULL);
|
|
CRYPTO_set_dynlock_destroy_callback(NULL);
|
|
|
|
dynlockpool = NULL;
|
|
|
|
/* Let the registered mutex cleanups do their own thing
|
|
*/
|
|
return APR_SUCCESS;
|
|
}
|
|
|
|
void ssl_util_thread_setup(apr_pool_t *p)
|
|
{
|
|
int i;
|
|
|
|
lock_num_locks = CRYPTO_num_locks();
|
|
lock_cs = apr_palloc(p, lock_num_locks * sizeof(*lock_cs));
|
|
|
|
for (i = 0; i < lock_num_locks; i++) {
|
|
apr_thread_mutex_create(&(lock_cs[i]), APR_THREAD_MUTEX_DEFAULT, p);
|
|
}
|
|
|
|
CRYPTO_set_id_callback(ssl_util_thr_id);
|
|
|
|
CRYPTO_set_locking_callback(ssl_util_thr_lock);
|
|
|
|
/* Set up dynamic locking scaffolding for OpenSSL to use at its
|
|
* convenience.
|
|
*/
|
|
dynlockpool = p;
|
|
CRYPTO_set_dynlock_create_callback(ssl_dyn_create_function);
|
|
CRYPTO_set_dynlock_lock_callback(ssl_dyn_lock_function);
|
|
CRYPTO_set_dynlock_destroy_callback(ssl_dyn_destroy_function);
|
|
|
|
apr_pool_cleanup_register(p, NULL, ssl_util_thread_cleanup,
|
|
apr_pool_cleanup_null);
|
|
}
|
|
#endif
|