From: William A. Rowe Jr
Date: Tue, 31 Jul 2001 03:16:55 +0000 (+0000)
Subject: This patch eliminates the direct use of OS library calls (fopen and
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ae43f14693ca522dd1d41e6be126a01cba031827;p=thirdparty%2Fapache%2Fhttpd.git
This patch eliminates the direct use of OS library calls (fopen and
other depreciated Apache 1.3 library utilities) from ssl_engine_pphrase.c and ssl_util_ssl.c.
Submitted by: Madhusudan Mathihalli
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@89818 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/ssl_engine_pphrase.c b/ssl_engine_pphrase.c
index 2213853aea7..76249a4b038 100644
--- a/ssl_engine_pphrase.c
+++ b/ssl_engine_pphrase.c
@@ -63,6 +63,21 @@
 -- Clifford Stoll */
 #include "mod_ssl.h"
+/*
+ * Return true if the named file exists and is readable
+ */
+
+static apr_status_t exists_and_readable(char *fname, apr_pool_t *pool)
+{
+ apr_finfo_t sbuf;
+
+ if ( apr_stat(&sbuf, fname, APR_FINFO_NORM, pool) != APR_SUCCESS )
+ return APR_ENOSTAT;
+
+ return ( ((sbuf.filetype == APR_REG) && (sbuf.protection & APR_UREAD)) ?
+ APR_SUCCESS : APR_EGENERAL);
+}
+
 /* _________________________________________________________________
 **
 ** Pass Phrase and Private Key Handling
@@ -84,7 +99,6 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
 ssl_asn1_t *asn1;
 unsigned char *ucp;
 X509 *pX509Cert;
- FILE *fp;
 BOOL bReadable;
 ssl_ds_array *aPassPhrase;
 int nPassPhrase;
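Review bot: `exists_and_readable` checks the owner-read bit (`sbuf.protection & APR_UREAD`), not whether this process can read the file, so a certificate owned by another user but group/world readable fails the check while a file the server cannot actually open can pass it; and since the real open now happens later inside `SSL_read_X509` / `SSL_read_PrivateKey` through `BIO_new_file`, the stat answers a different question at a different time than the open. A probe that opens for reading, e.g. `apr_file_open(&f, fname, APR_READ, APR_OS_DEFAULT, pool)` followed by `apr_file_close(f)`, or simply trusting the later `BIO_new_file` failure, would be more faithful to the intent. The header comment says `Return true` while the function returns an `apr_status_t` whose success value is `APR_SUCCESS` (0); suggest `/* Return APR_SUCCESS if fname is a regular file with its owner-read bit set, APR_ENOSTAT if it cannot be stat'ed, APR_EGENERAL otherwise */`. `fname` is never written through and could be `const char *fname`.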
@@ -136,25 +150,16 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
 for (i = 0, j = 0; i < SSL_AIDX_MAX && sc->szPublicCertFile[i] != NULL; i++) {
 apr_cpystrn(szPath, sc->szPublicCertFile[i], sizeof(szPath));
-#if 0 /* XXX */
- if ((fp = ap_pfopen(p, szPath, "r")) == NULL) {
-#else
- if ((fp = fopen(szPath, "r")) == NULL) {
-#endif
+ if ( exists_and_readable(szPath, p) != APR_SUCCESS ) {
 ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
 "Init: Can't open server certificate file %s", szPath);
 ssl_die();
 }
- if ((pX509Cert = SSL_read_X509(fp, NULL, NULL)) == NULL) {
+ if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
 ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
 "Init: Unable to read server certificate from file %s", szPath);
 ssl_die();
 }
-#if 0 /* XXX */
- ap_pfclose(p, fp);
-#else
- fclose(fp);
-#endif
 /*
 * check algorithm type of certificate and make
@@ -236,24 +241,15 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
 * the callback function which serves the pass
 * phrases to OpenSSL
 */
-#if 0 /* XXX */
- if ((fp = ap_pfopen(p, szPath, "r")) == NULL) {
-#else
- if ((fp = fopen(szPath, "r")) == NULL) {
-#endif
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Init: Can't open server private key file %s", szPath);
- ssl_die();
+ if ( exists_and_readable(szPath, p) != APR_SUCCESS ) {
+ ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
+ "Init: Can't open server private key file %s",szPath);
+ ssl_die();
 }
 cpPassPhraseCur = NULL;
- bReadable = ((pPrivateKey = SSL_read_PrivateKey(fp, NULL,
- ssl_pphrase_Handle_CB, s)) != NULL ? TRUE : FALSE);
-#if 0 /* XXX */
- ap_pfclose(p, fp);
-#else
- fclose(fp);
-#endif
-
+ bReadable = ((pPrivateKey = SSL_read_PrivateKey(szPath, NULL,
+ ssl_pphrase_Handle_CB, s)) != NULL ? TRUE : FALSE);
+
 /*
 * when the private key file now was readable,
 * it's fine and we go out of the loop
diff --git a/ssl_util_ssl.c b/ssl_util_ssl.c
index 7206d4c9a40..da4730024fb 100644
--- a/ssl_util_ssl.c
+++ b/ssl_util_ssl.c
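Review bot: The new failure branch logs with `SSL_ADD_ERRNO` although `exists_and_readable` reports through an `apr_status_t` and returns `APR_EGENERAL` for a non-regular file or a clear owner-read bit with no syscall in between, so the strerror text appended to `Init: Can't open server certificate file %s` is whatever errno happened to hold; the same applies to the private-key branch in the hunk at -236. Capturing the status, `apr_status_t rv = exists_and_readable(szPath, p);`, and reporting it with `apr_strerror(rv, buf, sizeof buf)` in the message would make the log accurate, and wording such as `not a readable regular file` would match what is actually checked, since nothing is opened at this point. Minor: the re-indented `"...%s",szPath` in the private-key hunk drops the space after the comma that the rest of the file uses. `ssl_pphrase_Handle` starts before and ends after both hunks.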
@@ -95,25 +95,24 @@ void SSL_set_app_data2(SSL *ssl, void *arg)
 ** _________________________________________________________________
 */
-X509 *SSL_read_X509(FILE *fp, X509 **x509, int (*cb)(char*,int,int,void*))
+X509 *SSL_read_X509(char* filename, X509 **x509, int (*cb)(char*,int,int,void*))
 {
 X509 *rc;
 BIO *bioS;
 BIO *bioF;
 /* 1. try PEM (= DER+Base64+headers) */
-#if SSL_LIBRARY_VERSION < 0x00904000
- rc = PEM_read_X509(fp, x509, cb);
-#else
- rc = PEM_read_X509(fp, x509, cb, NULL);
-#endif
+ if ((bioS=BIO_new_file(filename, "r")) == NULL)
+ return NULL;
+ rc=PEM_read_bio_X509 (bioS, x509, cb, NULL);
+ BIO_free(bioS);
+
 if (rc == NULL) {
 /* 2. try DER+Base64 */
- fseek(fp, 0L, SEEK_SET);
- if ((bioS = BIO_new(BIO_s_fd())) == NULL)
- return NULL;
- BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
- if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
+ if ((bioS=BIO_new_file(filename, "r")) == NULL)
+ return NULL;
+
+ if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
 BIO_free(bioS);
 return NULL;
 }
@@ -122,10 +121,8 @@ X509 *SSL_read_X509(FILE *fp, X509 **x509, int (*cb)(char*,int,int,void*))
 BIO_free_all(bioS);
 if (rc == NULL) {
 /* 3. try plain DER */
- fseek(fp, 0L, SEEK_SET);
- if ((bioS = BIO_new(BIO_s_fd())) == NULL)
- return NULL;
- BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
+ if ((bioS=BIO_new_file(filename, "r")) == NULL)
+ return NULL;
 rc = d2i_X509_bio(bioS, NULL);
 BIO_free(bioS);
 }
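Review bot: `filename` is only handed to `BIO_new_file`, so the new parameter should be `const char *filename` here, in `SSL_read_PrivateKey` below and in the two prototypes in ssl_util_ssl.h, which already differ cosmetically from the definitions (`char *` vs `char* filename`); `bioS=BIO_new_file(...)` and `rc=PEM_read_bio_X509 (bioS, ...)` also break the `a = b` spacing used on the neighbouring lines. The DER fallback in the second hunk (step 3) opens the file with mode `"r"`; on platforms where that selects text mode, raw DER bytes may be translated on read, so `"rb"` is the safer mode for the binary attempt — as far as the removed lines show, the previous fd BIO sat on an `fopen(szPath, "r")` stream, so this is inherited rather than introduced here. The same points apply to both hunks of `SSL_read_PrivateKey`.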
@@ -148,25 +145,24 @@ static EVP_PKEY *d2i_PrivateKey_bio(BIO *bio, EVP_PKEY **key)
 }
 #endif
-EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int (*cb)(char*,int,int,void*), void *s)
+EVP_PKEY *SSL_read_PrivateKey(char* filename, EVP_PKEY **key, int (*cb)(char*,int,int,void*), void *s)
 {
 EVP_PKEY *rc;
 BIO *bioS;
 BIO *bioF;
 /* 1. try PEM (= DER+Base64+headers) */
-#if SSL_LIBRARY_VERSION < 0x00904000
- rc = PEM_read_PrivateKey(fp, key, cb);
-#else
- rc = PEM_read_PrivateKey(fp, key, cb, s);
-#endif
+ if ((bioS=BIO_new_file(filename, "r")) == NULL)
+ return NULL;
+ rc = PEM_read_bio_PrivateKey(bioS, key, cb, s);
+ BIO_free(bioS);
+
 if (rc == NULL) {
 /* 2. try DER+Base64 */
- fseek(fp, 0L, SEEK_SET);
- if ((bioS = BIO_new(BIO_s_fd())) == NULL)
- return NULL;
- BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
- if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
+ if ( (bioS = BIO_new_file(filename, "r")) == NULL )
+ return NULL;
+
+ if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
 BIO_free(bioS);
 return NULL;
 }
@@ -175,10 +171,8 @@ EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int (*cb)(char*,int,int,
 BIO_free_all(bioS);
 if (rc == NULL) {
 /* 3. try plain DER */
- fseek(fp, 0L, SEEK_SET);
- if ((bioS = BIO_new(BIO_s_fd())) == NULL)
- return NULL;
- BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
+ if ( (bioS = BIO_new_file(filename, "r")) == NULL )
+ return NULL;
 rc = d2i_PrivateKey_bio(bioS, NULL);
 BIO_free(bioS);
 }
diff --git a/ssl_util_ssl.h b/ssl_util_ssl.h
index 40a0936932a..6bcf81df17e 100644
--- a/ssl_util_ssl.h
+++ b/ssl_util_ssl.h
@@ -94,8 +94,8 @@ int SSL_get_app_data2_idx(void);
 void *SSL_get_app_data2(SSL *);
 void SSL_set_app_data2(SSL *, void *);
-X509 *SSL_read_X509(FILE *, X509 **, int (*)(char*,int,int,void*));
-EVP_PKEY *SSL_read_PrivateKey(FILE *, EVP_PKEY **, int (*)(char*,int,int,void*), void *);
+X509 *SSL_read_X509(char *, X509 **, int (*)(char*,int,int,void*));
+EVP_PKEY *SSL_read_PrivateKey(char *, EVP_PKEY **, int (*)(char*,int,int,void*), void *);
 int SSL_smart_shutdown(SSL *ssl);
 X509_STORE *SSL_X509_STORE_create(char *, char *);
 int SSL_X509_STORE_lookup(X509_STORE *, int, X509_NAME *, X509_OBJECT *);