static apr_crypto_t *make(abts_case *tc, apr_pool_t *pool,
const apr_crypto_driver_t *driver) {
apr_crypto_t *f = NULL;
if (!driver) {
return NULL;
}
/* get the context */
apr_crypto_make(driver, pool, NULL, &f);
ABTS_ASSERT(tc, "apr_crypto_make returned NULL", f != NULL);
return f;
}
/* Set CTX to a Subversion cryptography context allocated from
RESULT_POOL. */
svn_error_t *
svn_crypto__context_create(svn_crypto__ctx_t **ctx,
apr_pool_t *result_pool)
{
#ifdef SVN_HAVE_CRYPTO
apr_status_t apr_err;
const apu_err_t *apu_err = NULL;
apr_crypto_t *apr_crypto;
const apr_crypto_driver_t *driver;
CRYPTO_INIT(result_pool);
/* Load the crypto driver.
### TODO: For the sake of flexibility, should we use
### APU_CRYPTO_RECOMMENDED_DRIVER instead of hard coding
### "openssl" here?
NOTE: Potential bugs in get_driver() imply we might get
APR_SUCCESS and NULL. Sigh. Just be a little more careful in
error generation here. */
apr_err = apr_crypto_get_driver(&driver, "openssl", NULL, &apu_err,
result_pool);
if (apr_err != APR_SUCCESS)
return svn_error_create(apr_err, err_from_apu_err(apr_err, apu_err),
_("OpenSSL crypto driver error"));
if (driver == NULL)
return svn_error_create(APR_EGENERAL,
err_from_apu_err(APR_EGENERAL, apu_err),
_("Bad return value while loading crypto "
"driver"));
apr_err = apr_crypto_make(&apr_crypto, driver, NULL, result_pool);
if (apr_err != APR_SUCCESS || apr_crypto == NULL)
return svn_error_create(apr_err, NULL,
_("Error creating OpenSSL crypto context"));
/* Allocate and initialize our crypto context. */
*ctx = apr_palloc(result_pool, sizeof(**ctx));
(*ctx)->crypto = apr_crypto;
return SVN_NO_ERROR;
#else /* SVN_HAVE_CRYPTO */
return svn_error_create(SVN_ERR_UNSUPPORTED_FEATURE, NULL,
"Cryptographic support is not available");
#endif /* SVN_HAVE_CRYPTO */
}
/**
* Initialise the SSL in the post_config hook.
*/
static int session_crypto_init(apr_pool_t *p, apr_pool_t *plog,
apr_pool_t *ptemp, server_rec *s)
{
const apr_crypto_driver_t *driver = NULL;
apr_crypto_t *f = NULL;
session_crypto_conf *conf = ap_get_module_config(s->module_config,
&session_crypto_module);
/* session_crypto_init() will be called twice. Don't bother
* going through all of the initialization on the first call
* because it will just be thrown away.*/
if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG) {
return OK;
}
if (conf->library) {
const apu_err_t *err = NULL;
apr_status_t rv;
rv = apr_crypto_init(p);
if (APR_SUCCESS != rv) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(01843)
"APR crypto could not be initialised");
return rv;
}
rv = apr_crypto_get_driver(&driver, conf->library, conf->params, &err, p);
if (APR_EREINIT == rv) {
ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s, APLOGNO(01844)
"warning: crypto for '%s' was already initialised, "
"using existing configuration", conf->library);
rv = APR_SUCCESS;
}
if (APR_SUCCESS != rv && err) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(01845)
"%s", err->msg);
return rv;
}
if (APR_ENOTIMPL == rv) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(01846)
"The crypto library '%s' could not be found",
conf->library);
return rv;
}
if (APR_SUCCESS != rv || !driver) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(01847)
"The crypto library '%s' could not be loaded",
conf->library);
return rv;
}
rv = apr_crypto_make(&f, driver, conf->params, p);
if (APR_SUCCESS != rv) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(01848)
"The crypto library '%s' could not be initialised",
conf->library);
return rv;
}
ap_log_error(APLOG_MARK, APLOG_INFO, rv, s, APLOGNO(01849)
"The crypto library '%s' was loaded successfully",
conf->library);
apr_pool_userdata_set((const void *)f, CRYPTO_KEY,
apr_pool_cleanup_null, s->process->pconf);
}
return OK;
}
