apr_crypto.c (302408) | apr_crypto.c (362181) |
---|---|
1/* Licensed to the Apache Software Foundation (ASF) under one or more 2 * contributor license agreements. See the NOTICE file distributed with 3 * this work for additional information regarding copyright ownership. 4 * The ASF licenses this file to You under the Apache License, Version 2.0 5 * (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 --- 106 unchanged lines hidden (view full) --- 115 116 return ret; 117} 118 119static apr_status_t crypto_clear(void *ptr) 120{ 121 apr_crypto_clear_t *clear = (apr_crypto_clear_t *)ptr; 122 | 1/* Licensed to the Apache Software Foundation (ASF) under one or more 2 * contributor license agreements. See the NOTICE file distributed with 3 * this work for additional information regarding copyright ownership. 4 * The ASF licenses this file to You under the Apache License, Version 2.0 5 * (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 --- 106 unchanged lines hidden (view full) --- 115 116 return ret; 117} 118 119static apr_status_t crypto_clear(void *ptr) 120{ 121 apr_crypto_clear_t *clear = (apr_crypto_clear_t *)ptr; 122 |
123 memset(clear->buffer, 0, clear->size); | 123 apr_crypto_memzero(clear->buffer, clear->size); |
124 clear->buffer = NULL; 125 clear->size = 0; 126 127 return APR_SUCCESS; 128} 129 130APU_DECLARE(apr_status_t) apr_crypto_clear(apr_pool_t *pool, 131 void *buffer, apr_size_t size) --- 4 unchanged lines hidden (view full) --- 136 clear->size = size; 137 138 apr_pool_cleanup_register(pool, clear, crypto_clear, 139 apr_pool_cleanup_null); 140 141 return APR_SUCCESS; 142} 143 | 124 clear->buffer = NULL; 125 clear->size = 0; 126 127 return APR_SUCCESS; 128} 129 130APU_DECLARE(apr_status_t) apr_crypto_clear(apr_pool_t *pool, 131 void *buffer, apr_size_t size) --- 4 unchanged lines hidden (view full) --- 136 clear->size = size; 137 138 apr_pool_cleanup_register(pool, clear, crypto_clear, 139 apr_pool_cleanup_null); 140 141 return APR_SUCCESS; 142} 143 |
144#if defined(HAVE_WEAK_SYMBOLS) 145void apr__memzero_explicit(void *buffer, apr_size_t size); 146 147__attribute__ ((weak)) 148void apr__memzero_explicit(void *buffer, apr_size_t size) 149{ 150 memset(buffer, 0, size); 151} 152#endif 153 154APU_DECLARE(apr_status_t) apr_crypto_memzero(void *buffer, apr_size_t size) 155{ 156#if defined(WIN32) 157 SecureZeroMemory(buffer, size); 158#elif defined(HAVE_MEMSET_S) 159 if (size) { 160 return memset_s(buffer, (rsize_t)size, 0, (rsize_t)size); 161 } 162#elif defined(HAVE_EXPLICIT_BZERO) 163 explicit_bzero(buffer, size); 164#elif defined(HAVE_WEAK_SYMBOLS) 165 apr__memzero_explicit(buffer, size); 166#else 167 apr_size_t i; 168 volatile unsigned char *volatile ptr = buffer; 169 for (i = 0; i < size; ++i) { 170 ptr[i] = 0; 171 } 172#endif 173 return APR_SUCCESS; 174} 175 176APU_DECLARE(int) apr_crypto_equals(const void *buf1, const void *buf2, 177 apr_size_t size) 178{ 179 const unsigned char *p1 = buf1; 180 const unsigned char *p2 = buf2; 181 unsigned char diff = 0; 182 apr_size_t i; 183 184 for (i = 0; i < size; ++i) { 185 diff |= p1[i] ^ p2[i]; 186 } 187 188 return 1 & ((diff - 1) >> 8); 189} 190 |
|
144APU_DECLARE(apr_status_t) apr_crypto_get_driver( 145 const apr_crypto_driver_t **driver, const char *name, 146 const char *params, const apu_err_t **result, apr_pool_t *pool) 147{ 148#if APU_DSO_BUILD 149 char modname[32]; 150 char symname[34]; 151 apr_dso_handle_t *dso; --- 31 unchanged lines hidden (view full) --- 183 "apr_crypto_%s-" APU_STRINGIFY(APU_MAJOR_VERSION) ".dll", name); 184#else 185 apr_snprintf(modname, sizeof(modname), 186 "apr_crypto_%s-" APU_STRINGIFY(APU_MAJOR_VERSION) ".so", name); 187#endif 188 apr_snprintf(symname, sizeof(symname), "apr_crypto_%s_driver", name); 189 rv = apu_dso_load(&dso, &symbol, modname, symname, pool); 190 if (rv == APR_SUCCESS || rv == APR_EINIT) { /* previously loaded?!? */ | 191APU_DECLARE(apr_status_t) apr_crypto_get_driver( 192 const apr_crypto_driver_t **driver, const char *name, 193 const char *params, const apu_err_t **result, apr_pool_t *pool) 194{ 195#if APU_DSO_BUILD 196 char modname[32]; 197 char symname[34]; 198 apr_dso_handle_t *dso; --- 31 unchanged lines hidden (view full) --- 230 "apr_crypto_%s-" APU_STRINGIFY(APU_MAJOR_VERSION) ".dll", name); 231#else 232 apr_snprintf(modname, sizeof(modname), 233 "apr_crypto_%s-" APU_STRINGIFY(APU_MAJOR_VERSION) ".so", name); 234#endif 235 apr_snprintf(symname, sizeof(symname), "apr_crypto_%s_driver", name); 236 rv = apu_dso_load(&dso, &symbol, modname, symname, pool); 237 if (rv == APR_SUCCESS || rv == APR_EINIT) { /* previously loaded?!? */ |
191 *driver = symbol; 192 name = apr_pstrdup(pool, name); 193 apr_hash_set(drivers, name, APR_HASH_KEY_STRING, *driver); | 238 apr_crypto_driver_t *d = symbol; |
194 rv = APR_SUCCESS; | 239 rv = APR_SUCCESS; |
195 if ((*driver)->init) { 196 rv = (*driver)->init(pool, params, result); | 240 if (d->init) { 241 rv = d->init(pool, params, result); |
197 } | 242 } |
243 if (APR_SUCCESS == rv) { 244 *driver = symbol; 245 name = apr_pstrdup(pool, name); 246 apr_hash_set(drivers, name, APR_HASH_KEY_STRING, *driver); 247 } |
|
198 } 199 apu_dso_mutex_unlock(); 200 201 if (APR_SUCCESS != rv && result && !*result) { 202 char *buffer = apr_pcalloc(pool, ERROR_SIZE); 203 apu_err_t *err = apr_pcalloc(pool, sizeof(apu_err_t)); 204 if (err && buffer) { 205 apr_dso_error(dso, buffer, ERROR_SIZE - 1); --- 12 unchanged lines hidden (view full) --- 218 DRIVER_LOAD("openssl", apr_crypto_openssl_driver, pool, params, rv, result); 219 } 220#endif 221#if APU_HAVE_NSS 222 if (name[0] == 'n' && !strcmp(name, "nss")) { 223 DRIVER_LOAD("nss", apr_crypto_nss_driver, pool, params, rv, result); 224 } 225#endif | 248 } 249 apu_dso_mutex_unlock(); 250 251 if (APR_SUCCESS != rv && result && !*result) { 252 char *buffer = apr_pcalloc(pool, ERROR_SIZE); 253 apu_err_t *err = apr_pcalloc(pool, sizeof(apu_err_t)); 254 if (err && buffer) { 255 apr_dso_error(dso, buffer, ERROR_SIZE - 1); --- 12 unchanged lines hidden (view full) --- 268 DRIVER_LOAD("openssl", apr_crypto_openssl_driver, pool, params, rv, result); 269 } 270#endif 271#if APU_HAVE_NSS 272 if (name[0] == 'n' && !strcmp(name, "nss")) { 273 DRIVER_LOAD("nss", apr_crypto_nss_driver, pool, params, rv, result); 274 } 275#endif |
276#if APU_HAVE_COMMONCRYPTO 277 if (name[0] == 'c' && !strcmp(name, "commoncrypto")) { 278 DRIVER_LOAD("commoncrypto", apr_crypto_commoncrypto_driver, pool, params, rv, result); 279 } 280#endif |
|
226#if APU_HAVE_MSCAPI 227 if (name[0] == 'm' && !strcmp(name, "mscapi")) { 228 DRIVER_LOAD("mscapi", apr_crypto_mscapi_driver, pool, params, rv, result); 229 } 230#endif 231#if APU_HAVE_MSCNG 232 if (name[0] == 'm' && !strcmp(name, "mscng")) { 233 DRIVER_LOAD("mscng", apr_crypto_mscng_driver, pool, params, rv, result); --- 48 unchanged lines hidden (view full) --- 282APU_DECLARE(apr_status_t) apr_crypto_make(apr_crypto_t **f, 283 const apr_crypto_driver_t *driver, const char *params, apr_pool_t *pool) 284{ 285 return driver->make(f, driver, params, pool); 286} 287 288/** 289 * @brief Get a hash table of key types, keyed by the name of the type against | 281#if APU_HAVE_MSCAPI 282 if (name[0] == 'm' && !strcmp(name, "mscapi")) { 283 DRIVER_LOAD("mscapi", apr_crypto_mscapi_driver, pool, params, rv, result); 284 } 285#endif 286#if APU_HAVE_MSCNG 287 if (name[0] == 'm' && !strcmp(name, "mscng")) { 288 DRIVER_LOAD("mscng", apr_crypto_mscng_driver, pool, params, rv, result); --- 48 unchanged lines hidden (view full) --- 337APU_DECLARE(apr_status_t) apr_crypto_make(apr_crypto_t **f, 338 const apr_crypto_driver_t *driver, const char *params, apr_pool_t *pool) 339{ 340 return driver->make(f, driver, params, pool); 341} 342 343/** 344 * @brief Get a hash table of key types, keyed by the name of the type against |
290 * an integer pointer constant. | 345 * a pointer to apr_crypto_block_key_type_t, which in turn begins with an 346 * integer. |
291 * 292 * @param types - hashtable of key types keyed to constants. 293 * @param f - encryption context 294 * @return APR_SUCCESS for success 295 */ 296APU_DECLARE(apr_status_t) apr_crypto_get_block_key_types(apr_hash_t **types, 297 const apr_crypto_t *f) 298{ 299 return f->provider->get_block_key_types(types, f); 300} 301 302/** 303 * @brief Get a hash table of key modes, keyed by the name of the mode against | 347 * 348 * @param types - hashtable of key types keyed to constants. 349 * @param f - encryption context 350 * @return APR_SUCCESS for success 351 */ 352APU_DECLARE(apr_status_t) apr_crypto_get_block_key_types(apr_hash_t **types, 353 const apr_crypto_t *f) 354{ 355 return f->provider->get_block_key_types(types, f); 356} 357 358/** 359 * @brief Get a hash table of key modes, keyed by the name of the mode against |
304 * an integer pointer constant. | 360 * a pointer to apr_crypto_block_key_mode_t, which in turn begins with an 361 * integer. |
305 * 306 * @param modes - hashtable of key modes keyed to constants. 307 * @param f - encryption context 308 * @return APR_SUCCESS for success 309 */ 310APU_DECLARE(apr_status_t) apr_crypto_get_block_key_modes(apr_hash_t **modes, 311 const apr_crypto_t *f) 312{ 313 return f->provider->get_block_key_modes(modes, f); 314} 315 316/** | 362 * 363 * @param modes - hashtable of key modes keyed to constants. 364 * @param f - encryption context 365 * @return APR_SUCCESS for success 366 */ 367APU_DECLARE(apr_status_t) apr_crypto_get_block_key_modes(apr_hash_t **modes, 368 const apr_crypto_t *f) 369{ 370 return f->provider->get_block_key_modes(modes, f); 371} 372 373/** |
374 * @brief Create a key from the provided secret or passphrase. The key is cleaned 375 * up when the context is cleaned, and may be reused with multiple encryption 376 * or decryption operations. 377 * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If 378 * *key is not NULL, *key must point at a previously created structure. 379 * @param key The key returned, see note. 380 * @param rec The key record, from which the key will be derived. 381 * @param f The context to use. 382 * @param p The pool to use. 383 * @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend 384 * error occurred while generating the key. APR_ENOCIPHER if the type or mode 385 * is not supported by the particular backend. APR_EKEYTYPE if the key type is 386 * not known. APR_EPADDING if padding was requested but is not supported. 387 * APR_ENOTIMPL if not implemented. 388 */ 389APU_DECLARE(apr_status_t) apr_crypto_key(apr_crypto_key_t **key, 390 const apr_crypto_key_rec_t *rec, const apr_crypto_t *f, apr_pool_t *p) 391{ 392 return f->provider->key(key, rec, f, p); 393} 394 395/** |
|
317 * @brief Create a key from the given passphrase. By default, the PBKDF2 318 * algorithm is used to generate the key from the passphrase. It is expected 319 * that the same pass phrase will generate the same key, regardless of the 320 * backend crypto platform used. The key is cleaned up when the context 321 * is cleaned, and may be reused with multiple encryption or decryption 322 * operations. 323 * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If 324 * *key is not NULL, *key must point at a previously created structure. --- 205 unchanged lines hidden --- | 396 * @brief Create a key from the given passphrase. By default, the PBKDF2 397 * algorithm is used to generate the key from the passphrase. It is expected 398 * that the same pass phrase will generate the same key, regardless of the 399 * backend crypto platform used. The key is cleaned up when the context 400 * is cleaned, and may be reused with multiple encryption or decryption 401 * operations. 402 * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If 403 * *key is not NULL, *key must point at a previously created structure. --- 205 unchanged lines hidden --- |