Return-Path: X-Original-To: apmail-apr-commits-archive@www.apache.org Delivered-To: apmail-apr-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3EAAD9A38 for ; Sun, 23 Oct 2011 16:01:18 +0000 (UTC) Received: (qmail 77204 invoked by uid 500); 23 Oct 2011 16:01:18 -0000 Delivered-To: apmail-apr-commits-archive@apr.apache.org Received: (qmail 77156 invoked by uid 500); 23 Oct 2011 16:01:17 -0000 Mailing-List: contact commits-help@apr.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: dev@apr.apache.org List-Id: Delivered-To: mailing list commits@apr.apache.org Received: (qmail 77148 invoked by uid 99); 23 Oct 2011 16:01:17 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 23 Oct 2011 16:01:17 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 23 Oct 2011 16:01:15 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id F275923889FA for ; Sun, 23 Oct 2011 16:00:54 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1187914 - in /apr/apr/trunk: crypto/apr_crypto.c crypto/apr_crypto_nss.c crypto/apr_crypto_openssl.c include/apr_crypto.h include/private/apr_crypto_internal.h test/testcrypto.c Date: Sun, 23 Oct 2011 16:00:54 -0000 To: commits@apr.apache.org From: minfrin@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20111023160054.F275923889FA@eris.apache.org> Author: minfrin Date: Sun Oct 23 16:00:54 2011 New Revision: 1187914 URL: http://svn.apache.org/viewvc?rev=1187914&view=rev Log: apr_crypto: Replace the LDAP inspired constant-based parameter passing with the apr_dbd inspired string passing, and simplify configuration. Modified: apr/apr/trunk/crypto/apr_crypto.c apr/apr/trunk/crypto/apr_crypto_nss.c apr/apr/trunk/crypto/apr_crypto_openssl.c apr/apr/trunk/include/apr_crypto.h apr/apr/trunk/include/private/apr_crypto_internal.h apr/apr/trunk/test/testcrypto.c Modified: apr/apr/trunk/crypto/apr_crypto.c URL: http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_crypto.c?rev=1187914&r1=1187913&r2=1187914&view=diff ============================================================================== --- apr/apr/trunk/crypto/apr_crypto.c (original) +++ apr/apr/trunk/crypto/apr_crypto.c Sun Oct 23 16:00:54 2011 @@ -116,9 +116,9 @@ APR_DECLARE(apr_status_t) apr_crypto_ini return ret; } -APR_DECLARE(apr_status_t) apr_crypto_get_driver(const apr_crypto_driver_t **driver, - const char *name, const apr_array_header_t *params, const apu_err_t **result, - apr_pool_t *pool) { +APR_DECLARE(apr_status_t) apr_crypto_get_driver( + const apr_crypto_driver_t **driver, const char *name, + const char *params, const apu_err_t **result, apr_pool_t *pool) { #if APR_HAVE_MODULAR_DSO char modname[32]; char symname[34]; @@ -227,9 +227,12 @@ APR_DECLARE(apr_status_t) apr_crypto_err * @param pool - process pool * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE * if the engine cannot be initialised. + * @remarks NSS: currently no params are supported. + * @remarks OpenSSL: the params can have "engine" as a key, followed by an equal + * sign and a value. */ APR_DECLARE(apr_status_t) apr_crypto_make(apr_crypto_t **f, const apr_crypto_driver_t *driver, - const apr_array_header_t *params, apr_pool_t *pool) { + const char *params, apr_pool_t *pool) { return driver->make(f, driver, params, pool); } Modified: apr/apr/trunk/crypto/apr_crypto_nss.c URL: http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_crypto_nss.c?rev=1187914&r1=1187913&r2=1187914&view=diff ============================================================================== --- apr/apr/trunk/crypto/apr_crypto_nss.c (original) +++ apr/apr/trunk/crypto/apr_crypto_nss.c Sun Oct 23 16:00:54 2011 @@ -118,7 +118,7 @@ static apr_status_t crypto_shutdown_help /** * Initialise the crypto library and perform one time initialisation. */ -static apr_status_t crypto_init(apr_pool_t *pool, const apr_array_header_t *params, int *rc) +static apr_status_t crypto_init(apr_pool_t *pool, const char *params, int *rc) { SECStatus s; const char *dir = NULL; @@ -126,37 +126,69 @@ static apr_status_t crypto_init(apr_pool const char *certPrefix = NULL; const char *secmod = NULL; PRUint32 flags = 0; - struct apr_crypto_param_t *ents = params ? (struct apr_crypto_param_t *)params->elts : NULL; - int i = 0; + + struct { + const char *field; + char *value; + } fields[] = { + {"dir", NULL}, + {"key3", NULL}, + {"cert7", NULL}, + {"secmod", NULL}, + {NULL, NULL} + }; + int i; + const char *ptr; + const char *key; + size_t klen; + const char *value; + size_t vlen; + static const char *const delims = " \r\n\t;|,"; /* sanity check - we can only initialise NSS once */ if (NSS_IsInitialized()) { return APR_EREINIT; } + /* snitch parsing from the MySQL driver */ + for (ptr = strchr(params, '='); ptr; ptr = strchr(ptr, '=')) { + /* don't dereference memory that may not belong to us */ + if (ptr == params) { + ++ptr; + continue; + } + for (key = ptr-1; apr_isspace(*key); --key); + klen = 0; + while (apr_isalpha(*key)) { + if (key == params) { + /* Don't parse off the front of the params */ + --key; + ++klen; + break; + } + --key; + ++klen; + } + ++key; + for (value = ptr+1; apr_isspace(*value); ++value); + vlen = strcspn(value, delims); + for (i=0; fields[i].field != NULL; ++i) { + if (!strncasecmp(fields[i].field, key, klen)) { + fields[i].value = apr_pstrndup(pool, value, vlen); + break; + } + } + ptr = value+vlen; + } + dir = fields[0].value; + keyPrefix = fields[1].value; + certPrefix = fields[2].value; + secmod = fields[3].value; + apr_pool_cleanup_register(pool, pool, crypto_shutdown_helper, apr_pool_cleanup_null); - for (i = 0; params && i < params->nelts; i++) { - switch (ents[i].type) { - case APR_CRYPTO_CA_TYPE_DIR: - dir = ents[i].path; - break; - case APR_CRYPTO_CERT_TYPE_KEY3_DB: - keyPrefix = ents[i].path; - break; - case APR_CRYPTO_CA_TYPE_CERT7_DB: - certPrefix = ents[i].path; - break; - case APR_CRYPTO_CA_TYPE_SECMOD: - secmod = ents[i].path; - break; - default: - return APR_EINIT; - } - } - if (keyPrefix || certPrefix || secmod) { s = NSS_Initialize(dir, certPrefix, keyPrefix, secmod, flags); } @@ -234,17 +266,15 @@ static apr_status_t crypto_cleanup_helpe * registered with the given pool to guarantee a graceful shutdown. * @param f - context pointer will be written here * @param provider - provider to use - * @param params - array of key parameters + * @param params - parameter string * @param pool - process pool * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE * if the engine cannot be initialised. */ static apr_status_t crypto_make(apr_crypto_t **ff, const apr_crypto_driver_t *provider, - const apr_array_header_t *params, apr_pool_t *pool) + const char *params, apr_pool_t *pool) { apr_crypto_config_t *config = NULL; - /* struct apr_crypto_param_t *ents = params ? (struct apr_crypto_param_t *)params->elts : NULL; */ - /* int i = 0; */ apr_crypto_t *f; f = apr_pcalloc(pool, sizeof(apr_crypto_t)); @@ -285,19 +315,6 @@ static apr_status_t crypto_make(apr_cryp crypto_cleanup_helper, apr_pool_cleanup_null); - /* - for (i = 0; params && i < params->nelts; i++) { - switch (ents[i].type) { - default: - f->result->rc = -1; - f->result->reason = "The NSS module currently supports " - "no per context initialisation parameters at this time, but " - "may do in future."; - return APR_EINIT; - } - } - */ - return APR_SUCCESS; } Modified: apr/apr/trunk/crypto/apr_crypto_openssl.c URL: http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_crypto_openssl.c?rev=1187914&r1=1187913&r2=1187914&view=diff ============================================================================== --- apr/apr/trunk/crypto/apr_crypto_openssl.c (original) +++ apr/apr/trunk/crypto/apr_crypto_openssl.c Sun Oct 23 16:00:54 2011 @@ -14,6 +14,7 @@ * limitations under the License. */ +#include "apr_lib.h" #include "apu.h" #include "apr_private.h" #include "apu_errno.h" @@ -105,7 +106,7 @@ static apr_status_t crypto_shutdown_help * Initialise the crypto library and perform one time initialisation. */ static apr_status_t crypto_init(apr_pool_t *pool, - const apr_array_header_t *params, int *rc) { + const char *params, int *rc) { CRYPTO_malloc_init(); ERR_load_crypto_strings(); /* SSL_load_error_strings(); */ @@ -176,13 +177,27 @@ static apr_status_t crypto_cleanup_helpe * if the engine cannot be initialised. */ static apr_status_t crypto_make(apr_crypto_t **ff, const apr_crypto_driver_t *provider, - const apr_array_header_t *params, apr_pool_t *pool) + const char *params, apr_pool_t *pool) { apr_crypto_config_t *config = NULL; - struct apr_crypto_param_t *ents = - params ? (struct apr_crypto_param_t *) params->elts : NULL; - int i = 0; apr_crypto_t *f = apr_pcalloc(pool, sizeof(apr_crypto_t)); + + struct { + const char *field; + char *value; + } fields[] = { + {"engine", NULL}, + {NULL, NULL} + }; + int i; + const char *ptr; + const char *key; + size_t klen; + const char *value; + size_t vlen; + static const char *const delims = " \r\n\t;|,"; + const char *engine; + if (!f) { return APR_ENOMEM; } @@ -223,19 +238,47 @@ static apr_status_t crypto_make(apr_cryp apr_pool_cleanup_register(pool, f, crypto_cleanup_helper, apr_pool_cleanup_null); - for (i = 0; params && i < params->nelts; i++) { - switch (ents[i].type) { - case APR_CRYPTO_ENGINE: - config->engine = ENGINE_by_id(ents[i].path); - if (!config->engine) { - return APR_ENOENGINE; + /* snitch parsing from the MySQL driver */ + for (ptr = strchr(params, '='); ptr; ptr = strchr(ptr, '=')) { + /* don't dereference memory that may not belong to us */ + if (ptr == params) { + ++ptr; + continue; + } + for (key = ptr-1; apr_isspace(*key); --key); + klen = 0; + while (apr_isalpha(*key)) { + if (key == params) { + /* Don't parse off the front of the params */ + --key; + ++klen; + break; } - if (!ENGINE_init(config->engine)) { - ENGINE_free(config->engine); - config->engine = NULL; - return APR_EINITENGINE; + --key; + ++klen; + } + ++key; + for (value = ptr+1; apr_isspace(*value); ++value); + vlen = strcspn(value, delims); + for (i=0; fields[i].field != NULL; ++i) { + if (!strncasecmp(fields[i].field, key, klen)) { + fields[i].value = apr_pstrndup(pool, value, vlen); + break; } - break; + } + ptr = value+vlen; + } + engine = fields[0].value; + + if (engine) { + config->engine = ENGINE_by_id(engine); + if (!config->engine) { + return APR_ENOENGINE; + } + if (!ENGINE_init(config->engine)) { + ENGINE_free(config->engine); + config->engine = NULL; + return APR_EINITENGINE; } } Modified: apr/apr/trunk/include/apr_crypto.h URL: http://svn.apache.org/viewvc/apr/apr/trunk/include/apr_crypto.h?rev=1187914&r1=1187913&r2=1187914&view=diff ============================================================================== --- apr/apr/trunk/include/apr_crypto.h (original) +++ apr/apr/trunk/include/apr_crypto.h Sun Oct 23 16:00:54 2011 @@ -37,49 +37,6 @@ extern "C" { * @{ */ -/** CA certificate type unknown */ -#define APR_CRYPTO_CA_TYPE_UNKNOWN 0 -/** binary DER encoded CA certificate */ -#define APR_CRYPTO_CA_TYPE_DER 1 -/** PEM encoded CA certificate */ -#define APR_CRYPTO_CA_TYPE_BASE64 2 -/** Netscape/Mozilla cert7.db CA certificate database */ -#define APR_CRYPTO_CA_TYPE_CERT7_DB 3 -/** Netscape/Mozilla secmod file */ -#define APR_CRYPTO_CA_TYPE_SECMOD 4 -/** Client certificate type unknown */ -#define APR_CRYPTO_CERT_TYPE_UNKNOWN 5 -/** binary DER encoded client certificate */ -#define APR_CRYPTO_CERT_TYPE_DER 6 -/** PEM encoded client certificate */ -#define APR_CRYPTO_CERT_TYPE_BASE64 7 -/** Netscape/Mozilla key3.db client certificate database */ -#define APR_CRYPTO_CERT_TYPE_KEY3_DB 8 -/** Netscape/Mozilla client certificate nickname */ -#define APR_CRYPTO_CERT_TYPE_NICKNAME 9 -/** Private key type unknown */ -#define APR_CRYPTO_KEY_TYPE_UNKNOWN 10 -/** binary DER encoded private key */ -#define APR_CRYPTO_KEY_TYPE_DER 11 -/** PEM encoded private key */ -#define APR_CRYPTO_KEY_TYPE_BASE64 12 -/** PKCS#12 encoded client certificate */ -#define APR_CRYPTO_CERT_TYPE_PFX 13 -/** PKCS#12 encoded private key */ -#define APR_CRYPTO_KEY_TYPE_PFX 14 -/** Openldap directory full of base64-encoded cert - * authorities with hashes in corresponding .0 directory - */ -#define APR_CRYPTO_CA_TYPE_CACERTDIR_BASE64 15 -/** CMS Key Database with private key and cert chain */ -#define APR_CRYPTO_CA_TYPE_CMS 16 -/** Symmetrical key */ -#define APR_CRYPTO_KEY_TYPE_SYM 17 -/** Netscape/Mozilla certificate database directory */ -#define APR_CRYPTO_CA_TYPE_DIR 18 -/** Crypto engine */ -#define APR_CRYPTO_ENGINE 101 - #if APU_HAVE_CRYPTO #ifndef APU_CRYPTO_RECOMMENDED_DRIVER @@ -158,21 +115,6 @@ typedef enum { /** Cipher Block Chaining */ } apr_crypto_block_key_mode_e; -/** - * Certificate and private key structure. - * - * The various crypto backends expect certificates and keys in a wide - * array of formats. - * @param type Type of certificate APR_CRYPTO_*_TYPE_* - * @param path Path, file or nickname of the certificate - * @param password Optional password, can be NULL - */ -typedef struct apr_crypto_param_t { - int type; - const char *path; - const char *password; -} apr_crypto_param_t; - /* These are opaque structs. Instantiation is up to each backend */ typedef struct apr_crypto_driver_t apr_crypto_driver_t; typedef struct apr_crypto_t apr_crypto_t; @@ -200,9 +142,13 @@ APR_DECLARE(apr_status_t) apr_crypto_ini * @return APR_ENOTIMPL for no driver (when DSO not enabled) * @return APR_EDSOOPEN if DSO driver file can't be opened * @return APR_ESYMNOTFOUND if the driver file doesn't contain a driver + * @remarks NSS: the params can have "dir", "key3", "cert7" and "secmod" + * keys, each followed by an equal sign and a value. Such key/value pairs can + * be delimited by space, CR, LF, tab, semicolon, vertical bar or comma. + * @remarks OpenSSL: currently no params are supported. */ APR_DECLARE(apr_status_t) apr_crypto_get_driver(const apr_crypto_driver_t **driver, - const char *name, const apr_array_header_t *params, const apu_err_t **result, + const char *name, const char *params, const apu_err_t **result, apr_pool_t *pool); /** @@ -234,9 +180,13 @@ APR_DECLARE(apr_status_t) apr_crypto_err * @param pool - process pool * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE * if the engine cannot be initialised. - */ -APR_DECLARE(apr_status_t) apr_crypto_make(apr_crypto_t **f, const apr_crypto_driver_t *driver, - const apr_array_header_t *params, apr_pool_t *pool); + * @remarks NSS: currently no params are supported. + * @remarks OpenSSL: the params can have "engine" as a key, followed by an equal + * sign and a value. + */ +APR_DECLARE(apr_status_t) apr_crypto_make(apr_crypto_t **f, + const apr_crypto_driver_t *driver, + const char *params, apr_pool_t *pool); /** * @brief Get a hash table of key types, keyed by the name of the type against Modified: apr/apr/trunk/include/private/apr_crypto_internal.h URL: http://svn.apache.org/viewvc/apr/apr/trunk/include/private/apr_crypto_internal.h?rev=1187914&r1=1187913&r2=1187914&view=diff ============================================================================== --- apr/apr/trunk/include/private/apr_crypto_internal.h (original) +++ apr/apr/trunk/include/private/apr_crypto_internal.h Sun Oct 23 16:00:54 2011 @@ -36,10 +36,10 @@ struct apr_crypto_driver_t { * @brief: allow driver to perform once-only initialisation. * Called once only. * @param pool The pool to register the cleanup in. - * @param params An array of optional init parameters. + * @param params Optional init parameter string. * @param rc Driver-specific additional error code */ - apr_status_t (*init)(apr_pool_t *pool, const apr_array_header_t *params, int *rc); + apr_status_t (*init)(apr_pool_t *pool, const char *params, int *rc); /** * @brief Create a context for supporting encryption. Keys, certificates, @@ -54,7 +54,7 @@ struct apr_crypto_driver_t { * if the engine cannot be initialised. */ apr_status_t (*make)(apr_crypto_t **f, const apr_crypto_driver_t *provider, - const apr_array_header_t *params, apr_pool_t *pool); + const char *params, apr_pool_t *pool); /** * @brief Get a hash table of key types, keyed by the name of the type against Modified: apr/apr/trunk/test/testcrypto.c URL: http://svn.apache.org/viewvc/apr/apr/trunk/test/testcrypto.c?rev=1187914&r1=1187913&r2=1187914&view=diff ============================================================================== --- apr/apr/trunk/test/testcrypto.c (original) +++ apr/apr/trunk/test/testcrypto.c Sun Oct 23 16:00:54 2011 @@ -29,7 +29,7 @@ #define ALIGNED_STRING "123456789012345" static const apr_crypto_driver_t *get_driver(abts_case *tc, apr_pool_t *pool, - const char *name, const apr_array_header_t *params) { + const char *name, const char *params) { const apr_crypto_driver_t *driver = NULL; const apu_err_t *err = NULL; @@ -60,15 +60,8 @@ static const apr_crypto_driver_t *get_dr static const apr_crypto_driver_t *get_nss_driver(abts_case *tc, apr_pool_t *pool) { - apr_array_header_t *params; - apr_crypto_param_t *param; - /* initialise NSS */ - params = apr_array_make(pool, 10, sizeof(apr_crypto_param_t)); - param = apr_array_push(params); - param->type = APR_CRYPTO_CA_TYPE_DIR; - param->path = "data"; - return get_driver(tc, pool, "nss", params); + return get_driver(tc, pool, "nss", "dir=data"); } @@ -89,7 +82,7 @@ static apr_crypto_t *make(abts_case *tc, } /* get the context */ - apr_crypto_make(&f, driver, NULL, pool); + apr_crypto_make(&f, driver, "engine=openssl", pool); ABTS_ASSERT(tc, "apr_crypto_make returned NULL", f != NULL); return f;