/* Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /* _ _ * _ __ ___ ___ __| | ___ ___| | mod_ssl * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL * | | | | | | (_) | (_| | \__ \__ \ | * |_| |_| |_|\___/ \__,_|___|___/___/_| * |_____| * ssl_engine_pphrase.c * Pass Phrase Dialog */ /* ``Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.'' -- Clifford Stoll */ #include "ssl_private.h" /* * Return true if the named file exists and is readable */ static apr_status_t exists_and_readable(char *fname, apr_pool_t *pool, apr_time_t *mtime) { apr_status_t stat; apr_finfo_t sbuf; apr_file_t *fd; if ((stat = apr_stat(&sbuf, fname, APR_FINFO_MIN, pool)) != APR_SUCCESS) return stat; if (sbuf.filetype != APR_REG) return APR_EGENERAL; if ((stat = apr_file_open(&fd, fname, APR_READ, 0, pool)) != APR_SUCCESS) return stat; if (mtime) { *mtime = sbuf.mtime; } apr_file_close(fd); return APR_SUCCESS; } /* * reuse vhost keys for asn1 tables where keys are allocated out * of s->process->pool to prevent "leaking" each time we format * a vhost key. since the key is stored in a table with lifetime * of s->process->pool, the key needs to have the same lifetime. * * XXX: probably seems silly to use a hash table with keys and values * being the same, but it is easier than doing a linear search * and will make it easier to remove keys if needed in the future. * also have the problem with apr_array_header_t that if we * underestimate the number of vhost keys when we apr_array_make(), * the array will get resized when we push past the initial number * of elts. this resizing in the s->process->pool means "leaking" * since apr_array_push() will apr_alloc arr->nalloc * 2 elts, * leaving the original arr->elts to waste. */ static char *asn1_table_vhost_key(SSLModConfigRec *mc, apr_pool_t *p, char *id, char *an) { /* 'p' pool used here is cleared on restarts (or sooner) */ char *key = apr_psprintf(p, "%s:%s", id, an); void *keyptr = apr_hash_get(mc->tVHostKeys, key, APR_HASH_KEY_STRING); if (!keyptr) { /* make a copy out of s->process->pool */ keyptr = apr_pstrdup(mc->pPool, key); apr_hash_set(mc->tVHostKeys, keyptr, APR_HASH_KEY_STRING, keyptr); } return (char *)keyptr; } /* _________________________________________________________________ ** ** Pass Phrase and Private Key Handling ** _________________________________________________________________ */ #define BUILTIN_DIALOG_BACKOFF 2 #define BUILTIN_DIALOG_RETRIES 5 static apr_file_t *writetty = NULL; static apr_file_t *readtty = NULL; /* * sslc has a nasty flaw where its * PEM_read_bio_PrivateKey does not take a callback arg. */ static server_rec *ssl_pphrase_server_rec = NULL; #ifdef SSLC_VERSION_NUMBER int ssl_pphrase_Handle_CB(char *, int, int); #else int ssl_pphrase_Handle_CB(char *, int, int, void *); #endif static char *pphrase_array_get(apr_array_header_t *arr, int idx) { if ((idx < 0) || (idx >= arr->nelts)) { return NULL; } return ((char **)arr->elts)[idx]; } static void pphrase_array_clear(apr_array_header_t *arr) { if (arr->nelts > 0) { memset(arr->elts, 0, arr->elt_size * arr->nelts); } arr->nelts = 0; } /* Abandon all hope, ye who read this code. Don't believe the name: * "passphrase handling" is really a peripheral (if complex) concern; * the core purpose of this function to load into memory all * configured certs and key from files. The private key handling in * here should be split out into a separate function for improved * readability. The myCtxVarGet abomination can be thrown away with * SSLC support, vastly simplifying the code. */ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(s); SSLSrvConfigRec *sc; server_rec *pServ; char *cpVHostID; char szPath[MAX_STRING_LEN]; EVP_PKEY *pPrivateKey; ssl_asn1_t *asn1; unsigned char *ucp; long int length; X509 *pX509Cert; BOOL bReadable; apr_array_header_t *aPassPhrase; int nPassPhrase; int nPassPhraseCur; char *cpPassPhraseCur; int nPassPhraseRetry; int nPassPhraseDialog; int nPassPhraseDialogCur; BOOL bPassPhraseDialogOnce; char **cpp; int i, j; ssl_algo_t algoCert, algoKey, at; char *an; apr_time_t pkey_mtime = 0; apr_status_t rv; /* * Start with a fresh pass phrase array */ aPassPhrase = apr_array_make(p, 2, sizeof(char *)); nPassPhrase = 0; nPassPhraseDialog = 0; /* * Walk through all configured servers */ for (pServ = s; pServ != NULL; pServ = pServ->next) { sc = mySrvConfig(pServ); cpVHostID = ssl_util_vhostid(p, pServ); if (!sc->enabled) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ, "SSL not enabled on vhost %s, skipping SSL setup", cpVHostID); continue; } ap_log_error(APLOG_MARK, APLOG_INFO, 0, pServ, "Loading certificate & private key of SSL-aware server '%s'", cpVHostID); /* * Read in server certificate(s): This is the easy part * because this file isn't encrypted in any way. */ if (sc->server->pks->cert_files[0] == NULL && sc->server->pkcs7 == NULL) { ap_log_error(APLOG_MARK, APLOG_EMERG, 0, pServ, "Server should be SSL-aware but has no certificate " "configured [Hint: SSLCertificateFile] (%s:%d)", pServ->defn_name, pServ->defn_line_number); ssl_die(); } /* Bitmasks for all key algorithms configured for this server; * initialize to zero. */ algoCert = SSL_ALGO_UNKNOWN; algoKey = SSL_ALGO_UNKNOWN; /* Iterate through configured certificate files for this * server. */ for (i = 0, j = 0; i < SSL_AIDX_MAX && (sc->server->pks->cert_files[i] != NULL || sc->server->pkcs7); i++) { const char *key_id; int using_cache = 0; if (sc->server->pkcs7) { STACK_OF(X509) *certs = ssl_read_pkcs7(pServ, sc->server->pkcs7); pX509Cert = sk_X509_value(certs, 0); i = SSL_AIDX_MAX; } else { apr_cpystrn(szPath, sc->server->pks->cert_files[i], sizeof(szPath)); if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, "Init: Can't open server certificate file %s", szPath); ssl_die(); } if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) { ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Init: Unable to read server certificate from" " file %s", szPath); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "Init: Read server certificate from '%s'", szPath); } /* * check algorithm type of certificate and make * sure only one certificate per type is used. */ at = ssl_util_algotypeof(pX509Cert, NULL); an = ssl_util_algotypestr(at); if (algoCert & at) { ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Init: Multiple %s server certificates not " "allowed", an); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } algoCert |= at; /* Determine the hash key used for this (vhost, algo-type) * pair used to index both the mc->tPrivateKey and * mc->tPublicCert tables: */ key_id = asn1_table_vhost_key(mc, p, cpVHostID, an); /* * Insert the certificate into global module configuration to let it * survive the processing between the 1st Apache API init round (where * we operate here) and the 2nd Apache init round (where the * certificate is actually used to configure mod_ssl's per-server * configuration structures). */ length = i2d_X509(pX509Cert, NULL); ucp = ssl_asn1_table_set(mc->tPublicCert, key_id, length); (void)i2d_X509(pX509Cert, &ucp); /* 2nd arg increments */ /* * Free the X509 structure */ X509_free(pX509Cert); /* * Read in the private key: This is the non-trivial part, because the * key is typically encrypted, so a pass phrase dialog has to be used * to request it from the user (or it has to be alternatively gathered * from a dialog program). The important point here is that ISPs * usually have hundrets of virtual servers configured and a lot of * them use SSL, so really we have to minimize the pass phrase * dialogs. * * The idea is this: When N virtual hosts are configured and all of * them use encrypted private keys with different pass phrases, we * have no chance and have to pop up N pass phrase dialogs. But * usually the admin is clever enough and uses the same pass phrase * for more private key files (typically he even uses one single pass * phrase for all). When this is the case we can minimize the dialogs * by trying to re-use already known/entered pass phrases. */ if (sc->server->pks->key_files[j] != NULL) apr_cpystrn(szPath, sc->server->pks->key_files[j++], sizeof(szPath)); /* * Try to read the private key file with the help of * the callback function which serves the pass * phrases to OpenSSL */ myCtxVarSet(mc, 1, pServ); myCtxVarSet(mc, 2, p); myCtxVarSet(mc, 3, aPassPhrase); myCtxVarSet(mc, 4, &nPassPhraseCur); myCtxVarSet(mc, 5, &cpPassPhraseCur); myCtxVarSet(mc, 6, cpVHostID); myCtxVarSet(mc, 7, an); myCtxVarSet(mc, 8, &nPassPhraseDialog); myCtxVarSet(mc, 9, &nPassPhraseDialogCur); myCtxVarSet(mc, 10, &bPassPhraseDialogOnce); nPassPhraseCur = 0; nPassPhraseRetry = 0; nPassPhraseDialogCur = 0; bPassPhraseDialogOnce = TRUE; pPrivateKey = NULL; for (;;) { /* * Try to read the private key file with the help of * the callback function which serves the pass * phrases to OpenSSL */ if ((rv = exists_and_readable(szPath, p, &pkey_mtime)) != APR_SUCCESS ) { ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, "Init: Can't open server private key file " "%s",szPath); ssl_die(); } /* * if the private key is encrypted and SSLPassPhraseDialog * is configured to "builtin" it isn't possible to prompt for * a password after httpd has detached from the tty. * in this case if we already have a private key and the * file name/mtime hasn't changed, then reuse the existing key. * we also reuse existing private keys that were encrypted for * exec: and pipe: dialogs to minimize chances to snoop the * password. that and pipe: dialogs might prompt the user * for password, which on win32 for example could happen 4 * times at startup. twice for each child and twice within * each since apache "restarts itself" on startup. * of course this will not work for the builtin dialog if * the server was started without LoadModule ssl_module * configured, then restarted with it configured. * but we fall through with a chance of success if the key * is not encrypted or can be handled via exec or pipe dialog. * and in the case of fallthrough, pkey_mtime and isatty() * are used to give a better idea as to what failed. */ if (pkey_mtime) { ssl_asn1_t *asn1 = ssl_asn1_table_get(mc->tPrivateKey, key_id); if (asn1 && (asn1->source_mtime == pkey_mtime)) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, pServ, "%s reusing existing " "%s private key on restart", cpVHostID, ssl_asn1_keystr(i)); using_cache = 1; break; } } cpPassPhraseCur = NULL; ssl_pphrase_server_rec = s; /* to make up for sslc flaw */ /* Ensure that the error stack is empty; some SSL * functions will fail spuriously if the error stack * is not empty. */ ERR_clear_error(); bReadable = ((pPrivateKey = SSL_read_PrivateKey(szPath, NULL, ssl_pphrase_Handle_CB, s)) != NULL ? TRUE : FALSE); /* * when the private key file now was readable, * it's fine and we go out of the loop */ if (bReadable) break; /* * when we have more remembered pass phrases * try to reuse these first. */ if (nPassPhraseCur < nPassPhrase) { nPassPhraseCur++; continue; } /* * else it's not readable and we have no more * remembered pass phrases. Then this has to mean * that the callback function popped up the dialog * but a wrong pass phrase was entered. We give the * user (but not the dialog program) a few more * chances... */ #ifndef WIN32 if ((sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN || sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) #else if (sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE #endif && cpPassPhraseCur != NULL && nPassPhraseRetry < BUILTIN_DIALOG_RETRIES ) { apr_file_printf(writetty, "Apache:mod_ssl:Error: Pass phrase incorrect " "(%d more retr%s permitted).\n", (BUILTIN_DIALOG_RETRIES-nPassPhraseRetry), (BUILTIN_DIALOG_RETRIES-nPassPhraseRetry) == 1 ? "y" : "ies"); nPassPhraseRetry++; if (nPassPhraseRetry > BUILTIN_DIALOG_BACKOFF) apr_sleep((nPassPhraseRetry-BUILTIN_DIALOG_BACKOFF) * 5 * APR_USEC_PER_SEC); continue; } #ifdef WIN32 if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN) { ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Init: SSLPassPhraseDialog builtin is not " "supported on Win32 (key file " "%s)", szPath); ssl_die(); } #endif /* WIN32 */ /* * Ok, anything else now means a fatal error. */ if (cpPassPhraseCur == NULL) { if (nPassPhraseDialogCur && pkey_mtime && !isatty(fileno(stdout))) /* XXX: apr_isatty() */ { ap_log_error(APLOG_MARK, APLOG_ERR, 0, pServ, "Init: Unable to read pass phrase " "[Hint: key introduced or changed " "before restart?]"); ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, pServ); } else { ap_log_error(APLOG_MARK, APLOG_ERR, 0, pServ, "Init: Private key not found"); ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, pServ); } if (writetty) { apr_file_printf(writetty, "Apache:mod_ssl:Error: Private key not found.\n"); apr_file_printf(writetty, "**Stopped\n"); } } else { ap_log_error(APLOG_MARK, APLOG_EMERG, 0, pServ, "Init: Pass phrase incorrect for key of %s", cpVHostID); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, pServ); if (writetty) { apr_file_printf(writetty, "Apache:mod_ssl:Error: Pass phrase incorrect.\n"); apr_file_printf(writetty, "**Stopped\n"); } } ssl_die(); } /* If a cached private key was found, nothing more to do * here; loop through to the next configured cert for this * vhost. */ if (using_cache) continue; if (pPrivateKey == NULL) { ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Init: Unable to read server private key from " "file %s [Hint: Perhaps it is in a separate file? " " See SSLCertificateKeyFile]", szPath); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } /* * check algorithm type of private key and make * sure only one private key per type is used. */ at = ssl_util_algotypeof(NULL, pPrivateKey); an = ssl_util_algotypestr(at); if (algoKey & at) { ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Init: Multiple %s server private keys not " "allowed", an); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } algoKey |= at; /* * Log the type of reading */ if (nPassPhraseDialogCur == 0) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ, "unencrypted %s private key - pass phrase not " "required", an); } else { if (cpPassPhraseCur != NULL) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ, "encrypted %s private key - pass phrase " "requested", an); } else { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ, "encrypted %s private key - pass phrase" " reused", an); } } /* * Ok, when we have one more pass phrase store it */ if (cpPassPhraseCur != NULL) { cpp = (char **)apr_array_push(aPassPhrase); *cpp = cpPassPhraseCur; nPassPhrase++; } /* * Insert private key into the global module configuration * (we convert it to a stand-alone DER byte sequence * because the SSL library uses static variables inside a * RSA structure which do not survive DSO reloads!) */ length = i2d_PrivateKey(pPrivateKey, NULL); ucp = ssl_asn1_table_set(mc->tPrivateKey, key_id, length); (void)i2d_PrivateKey(pPrivateKey, &ucp); /* 2nd arg increments */ if (nPassPhraseDialogCur != 0) { /* remember mtime of encrypted keys */ asn1 = ssl_asn1_table_get(mc->tPrivateKey, key_id); asn1->source_mtime = pkey_mtime; } /* * Free the private key structure */ EVP_PKEY_free(pPrivateKey); } } /* * Let the user know when we're successful. */ if (nPassPhraseDialog > 0) { sc = mySrvConfig(s); if (writetty) { apr_file_printf(writetty, "\n" "OK: Pass Phrase Dialog successful.\n"); } } /* * Wipe out the used memory from the * pass phrase array and then deallocate it */ if (aPassPhrase->nelts) { pphrase_array_clear(aPassPhrase); ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Init: Wiped out the queried pass phrases from memory"); } /* Close the pipes if they were opened */ if (readtty) { apr_file_close(readtty); apr_file_close(writetty); readtty = writetty = NULL; } return; } static apr_status_t ssl_pipe_child_create(apr_pool_t *p, const char *progname) { /* Child process code for 'ErrorLog "|..."'; * may want a common framework for this, since I expect it will * be common for other foo-loggers to want this sort of thing... */ apr_status_t rc; apr_procattr_t *procattr; apr_proc_t *procnew; if (((rc = apr_procattr_create(&procattr, p)) == APR_SUCCESS) && ((rc = apr_procattr_io_set(procattr, APR_FULL_BLOCK, APR_FULL_BLOCK, APR_NO_PIPE)) == APR_SUCCESS)) { char **args; const char *pname; apr_tokenize_to_argv(progname, &args, p); pname = apr_pstrdup(p, args[0]); procnew = (apr_proc_t *)apr_pcalloc(p, sizeof(*procnew)); rc = apr_proc_create(procnew, pname, (const char * const *)args, NULL, procattr, p); if (rc == APR_SUCCESS) { /* XXX: not sure if we aught to... * apr_pool_note_subprocess(p, procnew, APR_KILL_AFTER_TIMEOUT); */ writetty = procnew->in; readtty = procnew->out; } } return rc; } static int pipe_get_passwd_cb(char *buf, int length, char *prompt, int verify) { apr_status_t rc; char *p; apr_file_puts(prompt, writetty); buf[0]='\0'; rc = apr_file_gets(buf, length, readtty); apr_file_puts(APR_EOL_STR, writetty); if (rc != APR_SUCCESS || apr_file_eof(readtty)) { memset(buf, 0, length); return 1; /* failure */ } if ((p = strchr(buf, '\n')) != NULL) { *p = '\0'; } #ifdef WIN32 /* XXX: apr_sometest */ if ((p = strchr(buf, '\r')) != NULL) { *p = '\0'; } #endif return 0; } #ifdef SSLC_VERSION_NUMBER int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify) { void *srv = ssl_pphrase_server_rec; #else int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv) { #endif SSLModConfigRec *mc; server_rec *s; apr_pool_t *p; apr_array_header_t *aPassPhrase; SSLSrvConfigRec *sc; int *pnPassPhraseCur; char **cppPassPhraseCur; char *cpVHostID; char *cpAlgoType; int *pnPassPhraseDialog; int *pnPassPhraseDialogCur; BOOL *pbPassPhraseDialogOnce; char *cpp; int len = -1; mc = myModConfig((server_rec *)srv); /* * Reconnect to the context of ssl_phrase_Handle() */ s = myCtxVarGet(mc, 1, server_rec *); p = myCtxVarGet(mc, 2, apr_pool_t *); aPassPhrase = myCtxVarGet(mc, 3, apr_array_header_t *); pnPassPhraseCur = myCtxVarGet(mc, 4, int *); cppPassPhraseCur = myCtxVarGet(mc, 5, char **); cpVHostID = myCtxVarGet(mc, 6, char *); cpAlgoType = myCtxVarGet(mc, 7, char *); pnPassPhraseDialog = myCtxVarGet(mc, 8, int *); pnPassPhraseDialogCur = myCtxVarGet(mc, 9, int *); pbPassPhraseDialogOnce = myCtxVarGet(mc, 10, BOOL *); sc = mySrvConfig(s); (*pnPassPhraseDialog)++; (*pnPassPhraseDialogCur)++; /* * When remembered pass phrases are available use them... */ if ((cpp = pphrase_array_get(aPassPhrase, *pnPassPhraseCur)) != NULL) { apr_cpystrn(buf, cpp, bufsize); len = strlen(buf); return len; } /* * Builtin or Pipe dialog */ if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN || sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) { char *prompt; int i; if (sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) { if (!readtty) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Init: Creating pass phrase dialog pipe child " "'%s'", sc->server->pphrase_dialog_path); if (ssl_pipe_child_create(p, sc->server->pphrase_dialog_path) != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Init: Failed to create pass phrase pipe '%s'", sc->server->pphrase_dialog_path); PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); memset(buf, 0, (unsigned int)bufsize); return (-1); } } ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Init: Requesting pass phrase via piped dialog"); } else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */ #ifdef WIN32 PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); memset(buf, 0, (unsigned int)bufsize); return (-1); #else /* * stderr has already been redirected to the error_log. * rather than attempting to temporarily rehook it to the terminal, * we print the prompt to stdout before EVP_read_pw_string turns * off tty echo */ apr_file_open_stdout(&writetty, p); ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Init: Requesting pass phrase via builtin terminal " "dialog"); #endif } /* * The first time display a header to inform the user about what * program he actually speaks to, which module is responsible for * this terminal dialog and why to the hell he has to enter * something... */ if (*pnPassPhraseDialog == 1) { apr_file_printf(writetty, "%s mod_ssl (Pass Phrase Dialog)\n", AP_SERVER_BASEVERSION); apr_file_printf(writetty, "Some of your private key files are encrypted for security reasons.\n"); apr_file_printf(writetty, "In order to read them you have to provide the pass phrases.\n"); } if (*pbPassPhraseDialogOnce) { *pbPassPhraseDialogOnce = FALSE; apr_file_printf(writetty, "\n"); apr_file_printf(writetty, "Server %s (%s)\n", cpVHostID, cpAlgoType); } /* * Emulate the OpenSSL internal pass phrase dialog * (see crypto/pem/pem_lib.c:def_callback() for details) */ prompt = "Enter pass phrase:"; for (;;) { apr_file_puts(prompt, writetty); if (sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) { i = pipe_get_passwd_cb(buf, bufsize, "", FALSE); } else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */ i = EVP_read_pw_string(buf, bufsize, "", FALSE); } if (i != 0) { PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); memset(buf, 0, (unsigned int)bufsize); return (-1); } len = strlen(buf); if (len < 1) apr_file_printf(writetty, "Apache:mod_ssl:Error: Pass phrase empty (needs to be at least 1 character).\n"); else break; } } /* * Filter program */ else if (sc->server->pphrase_dialog_type == SSL_PPTYPE_FILTER) { const char *cmd = sc->server->pphrase_dialog_path; const char **argv = apr_palloc(p, sizeof(char *) * 4); char *result; ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Init: Requesting pass phrase from dialog filter " "program (%s)", cmd); argv[0] = cmd; argv[1] = cpVHostID; argv[2] = cpAlgoType; argv[3] = NULL; result = ssl_util_readfilter(s, p, cmd, argv); apr_cpystrn(buf, result, bufsize); len = strlen(buf); } /* * Ok, we now have the pass phrase, so give it back */ *cppPassPhraseCur = apr_pstrdup(p, buf); /* * And return its length to OpenSSL... */ return (len); }