[rs-commit] r258 - /mod_ca/trunk/mod_ca_simple.c

rs-commit at redwax.eu rs-commit at redwax.eu
Fri Jan 10 07:14:04 CET 2020


Author: dirkx at redwax.eu
Date: Fri Jan 10 07:14:03 2020
New Revision: 258

Log:
Some algorithms, such as 'X9.42 DH', have a space in their name (full list with < openssl list -public-key-algorithms >). So we need to be slightly more careful with tokenizing - and thus fall back on ARGV, which understands ticks and double quoted text.

Modified:
    mod_ca/trunk/mod_ca_simple.c

Modified: mod_ca/trunk/mod_ca_simple.c
==============================================================================
--- mod_ca/trunk/mod_ca_simple.c	(original)
+++ mod_ca/trunk/mod_ca_simple.c	Fri Jan 10 07:14:03 2020
@@ -1099,24 +1099,24 @@
     return NULL;
 }
 
-static const char *set_ca_algorithm(cmd_parms *cmd, void *dconf, const char *args)
+static const char *set_ca_algorithm(cmd_parms *cmd, void *dconf, 
+                                    int argc, char *const argv[])
 {
     ca_config_rec *conf = dconf;
-
-    char *arg;
-    char *tok;
 
     const EVP_PKEY_ASN1_METHOD *method;
     int pkey_id;
 
-    arg = apr_strtok(apr_pstrdup(cmd->pool, args), " \t", &tok);
-
     ERR_clear_error();
-    method = EVP_PKEY_asn1_find_str(NULL, arg, -1);
+
+    if (argc < 1) return log_config(cmd, "CASimpleAlgorithm needs at least one "
+       "argument -- the name of the algoritm");
+
+    method = EVP_PKEY_asn1_find_str(NULL, argv[0], -1);
     if (!method) {
         return log_config(cmd,
                 apr_psprintf(cmd->pool,
-                        "CASimpleAlgorithm '%s' was not found", arg));
+                        "CASimpleAlgorithm '%s' was not found", argv[0]));
     }
 
     EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, method);
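Review bot: The new usage error in the `argc < 1` guard misspells "algorithm" and is the only unbraced, single-line `if` in the visible part of set_ca_algorithm; an administrator sees this string when the directive is misconfigured, so it is worth getting right. I would write it as `if (argc < 1) {` / `return log_config(cmd, "CASimpleAlgorithm needs at least one argument -- the name of the algorithm");` / `}`. The function now takes a quoted algorithm name plus separate name=value arguments, and a short comment above the signature such as `/* CASimpleAlgorithm <name> [param=value ...]; quote names that contain spaces, e.g. "X9.42 DH" */` would record that. The body of set_ca_algorithm continues past the end of this hunk.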
@@ -1124,7 +1124,7 @@
     if (!conf->pkey_ctx) {
         return log_config(cmd,
                 apr_psprintf(cmd->pool,
-                        "CASimpleAlgorithm '%s': EVP_PKEY_CTX could not be created for private key ID %d", arg, pkey_id));
+                        "CASimpleAlgorithm '%s': EVP_PKEY_CTX could not be created for private key ID %d", argv[0], pkey_id));
     }
 
     apr_pool_cleanup_register(cmd->pool, conf->pkey_ctx, ca_EVP_PKEY_CTX_cleanup,
@@ -1133,10 +1133,11 @@
     if (EVP_PKEY_keygen_init(conf->pkey_ctx) <= 0) {
         return log_config(cmd,
                 apr_psprintf(cmd->pool,
-                        "CASimpleAlgorithm '%s': EVP_PKEY keygen could not be initialised", arg));
-    }
-
-    while ((arg = apr_strtok(NULL,",", &tok))) {
+                        "CASimpleAlgorithm '%s': EVP_PKEY keygen could not be initialised", argv[0]));
+    }
+
+    for(int i = 1; i < argc; i++) {
+        const char *arg = argv[i];
         char *val = strchr(arg, '=');
         if (val) {
             *(val++) = 0;
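Review bot: Parameters written in the old comma-separated form are no longer split: the removed loop tokenised on `,`, while the new `for` loop treats each whitespace-separated argv element as one name=value pair. An existing line such as `rsa_keygen_bits=2048,rsa_keygen_pubexp=65537` (constructed example) would now reach EVP_PKEY_CTX_ctrl_str as a single value containing the comma and the second pair; whether that is rejected or partly ignored depends on the algorithm's control-string parser, so key-generation settings could differ from what the administrator wrote without any error. Consider failing loudly after the split, e.g. `if (strchr(val, ',')) return log_config(cmd, "CASimpleAlgorithm parameters are separated by whitespace, not commas");`, unless some parameter legitimately takes a comma in its value. Separately, `const char *arg = argv[i];` is written through by `*(val++) = 0` via strchr's non-const return; `char *arg = argv[i];` states that honestly. The loop body continues in the next hunk.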
@@ -1144,15 +1145,14 @@
         else {
             return log_config(cmd,
                     apr_psprintf(cmd->pool,
-                            "CASimpleAlgorithm parameter '%s' must be a name=value pair", arg));
+                            "CASimpleAlgorithm parameter %d '%s' must be a name=value pair", i, arg));
         }
 
         if (EVP_PKEY_CTX_ctrl_str(conf->pkey_ctx, arg, val) <= 0) {
             return log_config(cmd,
                     apr_psprintf(cmd->pool,
-                            "CASimpleAlgorithm parameter '%s' cannot be set to '%s'", arg, val));
-        }
-
+                            "CASimpleAlgorithm parameter %d '%s' cannot be set to '%s'", i, arg, val));
+        }
     }
 
     conf->pkey_ctx_set = 1;
@@ -1232,7 +1232,7 @@
     AP_INIT_TAKE2("CASimpleExtension",
             set_ca_extension, NULL, RSRC_CONF | ACCESS_CONF,
             "Certificate extension to add to the certificate when signed."),
-    AP_INIT_RAW_ARGS("CASimpleAlgorithm",
+    AP_INIT_TAKE_ARGV("CASimpleAlgorithm",
             set_ca_algorithm, NULL, RSRC_CONF | ACCESS_CONF,
             "When enabled, private keys will be generated with this algorithm."),
     AP_INIT_TAKE1("CASimpleParamFile",
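Review bot: The help text for CASimpleAlgorithm still reads as if the directive were a switch ("When enabled, ...") and says nothing about its arguments, which matters more now that AP_INIT_TAKE_ARGV changes how they are tokenised. I would change the description to something like `"Algorithm name (quote names containing spaces), followed by optional name=value key generation parameters."`. The directive table starts and ends outside this hunk.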


