Just like a week ago, here's the summary of changes to include/ public interfaces, sans the commentary-only changes in branches/1.4.x/include.
Please review the attached delta of apr-util 1.3.x to 1.4.x and chime in if you believe this is ready to tag. Thanks! Bill
Index: apu.h.in =================================================================== --- apu.h.in (.../1.3.x/include) (revision 889020) +++ apu.h.in (.../1.4.x/include) (revision 889020) @@ -102,6 +102,10 @@ #define APU_HAVE_FREETDS @apu_have_freetds@ #define APU_HAVE_ODBC @apu_have_odbc@ +#define APU_HAVE_CRYPTO @apu_have_crypto@ +#define APU_HAVE_OPENSSL @apu_have_openssl@ +#define APU_HAVE_NSS @apu_have_nss@ + #define APU_HAVE_APR_ICONV @have_apr_iconv@ #define APU_HAVE_ICONV @have_iconv@ #define APR_HAS_XLATE (APU_HAVE_APR_ICONV || APU_HAVE_ICONV) Index: apu.hnw =================================================================== --- apu.hnw (.../1.3.x/include) (revision 889020) +++ apu.hnw (.../1.4.x/include) (revision 889020) @@ -108,6 +108,13 @@ #define APU_HAVE_ODBC 0 #endif +#define APU_HAVE_CRYPTO 0 + +#ifndef APU_DSO_MODULE_BUILD +#define APU_HAVE_OPENSSL 0 +#define APU_HAVE_NSS 0 +#endif + #define APU_HAVE_APR_ICONV 0 #define APU_HAVE_ICONV 1 #define APR_HAS_XLATE (APU_HAVE_APR_ICONV || APU_HAVE_ICONV) Index: apu_errno.h =================================================================== --- apu_errno.h (.../1.3.x/include) (revision 0) +++ apu_errno.h (.../1.4.x/include) (revision 889020) @@ -0,0 +1,173 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef APU_ERRNO_H +#define APU_ERRNO_H + +/** + * @file apu_errno.h + * @brief APR-Util Error Codes + */ + +#include "apr.h" +#include "apr_errno.h" + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +/** + * @defgroup apu_errno Error Codes + * @ingroup APR_Util + * @{ + */ + +/** + * @defgroup APR_Util_Error APR_Util Error Values + * <PRE> + * <b>APU ERROR VALUES</b> + * APR_ENOKEY The key provided was empty or NULL + * APR_ENOIV The initialisation vector provided was NULL + * APR_EKEYTYPE The key type was not recognised + * APR_ENOSPACE The buffer supplied was not big enough + * APR_ECRYPT An error occurred while encrypting or decrypting + * APR_EPADDING Padding was not supported + * APR_EKEYLENGTH The key length was incorrect + * APR_ENOCIPHER The cipher provided was not recognised + * APR_ENODIGEST The digest provided was not recognised + * APR_ENOENGINE The engine provided was not recognised + * APR_EINITENGINE The engine could not be initialised + * APR_EREINIT Underlying crypto has already been initialised + * </PRE> + * + * <PRE> + * <b>APR STATUS VALUES</b> + * APR_INCHILD Program is currently executing in the child + * </PRE> + * @{ + */ +/** @see APR_STATUS_IS_ENOKEY */ +#define APR_ENOKEY (APR_UTIL_START_STATUS + 1) +/** @see APR_STATUS_IS_ENOIV */ +#define APR_ENOIV (APR_UTIL_START_STATUS + 2) +/** @see APR_STATUS_IS_EKEYTYPE */ +#define APR_EKEYTYPE (APR_UTIL_START_STATUS + 3) +/** @see APR_STATUS_IS_ENOSPACE */ +#define APR_ENOSPACE (APR_UTIL_START_STATUS + 4) +/** @see APR_STATUS_IS_ECRYPT */ +#define APR_ECRYPT (APR_UTIL_START_STATUS + 5) +/** @see APR_STATUS_IS_EPADDING */ +#define APR_EPADDING (APR_UTIL_START_STATUS + 6) +/** @see APR_STATUS_IS_EKEYLENGTH */ +#define APR_EKEYLENGTH (APR_UTIL_START_STATUS + 7) +/** @see APR_STATUS_IS_ENOCIPHER */ +#define APR_ENOCIPHER (APR_UTIL_START_STATUS + 8) +/** @see APR_STATUS_IS_ENODIGEST */ +#define APR_ENODIGEST (APR_UTIL_START_STATUS + 9) +/** @see APR_STATUS_IS_ENOENGINE */ +#define APR_ENOENGINE (APR_UTIL_START_STATUS + 10) +/** @see APR_STATUS_IS_EINITENGINE */ +#define APR_EINITENGINE (APR_UTIL_START_STATUS + 11) +/** @see APR_STATUS_IS_EREINIT */ +#define APR_EREINIT (APR_UTIL_START_STATUS + 12) +/** @} */ + +/** + * @defgroup APU_STATUS_IS Status Value Tests + * @warning For any particular error condition, more than one of these tests + * may match. This is because platform-specific error codes may not + * always match the semantics of the POSIX codes these tests (and the + * corresponding APR error codes) are named after. A notable example + * are the APR_STATUS_IS_ENOENT and APR_STATUS_IS_ENOTDIR tests on + * Win32 platforms. The programmer should always be aware of this and + * adjust the order of the tests accordingly. + * @{ + */ + +/** @} */ + +/** + * @addtogroup APR_Util_Error + * @{ + */ +/** + * The key was empty or not provided + */ +#define APR_STATUS_IS_ENOKEY(s) ((s) == APR_ENOKEY) +/** + * The initialisation vector was not provided + */ +#define APR_STATUS_IS_ENOIV(s) ((s) == APR_ENOIV) +/** + * The key type was not recognised + */ +#define APR_STATUS_IS_EKEYTYPE(s) ((s) == APR_EKEYTYPE) +/** + * The buffer provided was not big enough + */ +#define APR_STATUS_IS_ENOSPACE(s) ((s) == APR_ENOSPACE) +/** + * An error occurred while encrypting or decrypting + */ +#define APR_STATUS_IS_ECRYPT(s) ((s) == APR_ECRYPT) +/** + * An error occurred while padding + */ +#define APR_STATUS_IS_EPADDING(s) ((s) == APR_EPADDING) +/** + * An error occurred with the key length + */ +#define APR_STATUS_IS_EKEYLENGTH(s) ((s) == APR_EKEYLENGTH) +/** + * The cipher provided was not recognised + */ +#define APR_STATUS_IS_ENOCIPHER(s) ((s) == APR_ENOCIPHER) +/** + * The digest provided was not recognised + */ +#define APR_STATUS_IS_ENODIGEST(s) ((s) == APR_ENODIGEST) +/** + * The engine provided was not recognised + */ +#define APR_STATUS_IS_ENOENGINE(s) ((s) == APR_ENOENGINE) +/** + * The engine could not be initialised + */ +#define APR_STATUS_IS_EINITENGINE(s) ((s) == APR_EINITENGINE) +/** + * Crypto has already been initialised + */ +#define APR_STATUS_IS_EREINIT(s) ((s) == APR_EREINIT) +/** @} */ + +/** + * This structure allows the underlying API error codes to be returned + * along with plain text error messages that explain to us mere mortals + * what really happened. + */ +typedef struct apu_err_t { + const char *reason; + const char *msg; + int rc; +} apu_err_t; + +/** @} */ + +#ifdef __cplusplus +} +#endif + +#endif /* ! APU_ERRNO_H */ Property changes on: apu_errno.h ___________________________________________________________________ Name: svn:eol-style + native Index: apu_version.h =================================================================== --- apu_version.h (.../1.3.x/include) (revision 889020) +++ apu_version.h (.../1.4.x/include) (revision 889020) @@ -53,13 +53,13 @@ * Minor API changes that do not cause binary compatibility problems. * Reset to 0 when upgrading APU_MAJOR_VERSION */ -#define APU_MINOR_VERSION 3 +#define APU_MINOR_VERSION 4 /** patch level * The Patch Level never includes API changes, simply bug fixes. * Reset to 0 when upgrading APR_MINOR_VERSION */ -#define APU_PATCH_VERSION 10 +#define APU_PATCH_VERSION 0 /** * The symbol APU_IS_DEV_VERSION is only defined for internal, Index: apu.hw =================================================================== --- apu.hw (.../1.3.x/include) (revision 889020) +++ apu.hw (.../1.4.x/include) (revision 889020) @@ -125,6 +125,13 @@ #define APU_HAVE_ODBC 1 #endif +#define APU_HAVE_CRYPTO 0 + +#ifndef APU_DSO_MODULE_BUILD +#define APU_HAVE_OPENSSL 0 +#define APU_HAVE_NSS 0 +#endif + #define APU_HAVE_APR_ICONV 1 #define APU_HAVE_ICONV 0 #define APR_HAS_XLATE (APU_HAVE_APR_ICONV || APU_HAVE_ICONV) Index: apr_reslist.h =================================================================== --- apr_reslist.h (.../1.3.x/include) (revision 889020) +++ apr_reslist.h (.../1.4.x/include) (revision 889020) @@ -28,15 +28,10 @@ #include "apr_errno.h" #include "apr_time.h" -#if APR_HAS_THREADS - /** * @defgroup APR_Util_RL Resource List Routines * @ingroup APR_Util * @{ - * @warning - * <strong><em>Resource list data types and routines are only available when - * threads are enabled (i.e. APR_HAS_THREADS is not zero).</em></strong> */ #ifdef __cplusplus @@ -64,6 +59,10 @@ typedef apr_status_t (*apr_reslist_destructor)(void *resource, void *params, apr_pool_t *pool); +/* Cleanup order modes */ +#define APR_RESLIST_CLEANUP_DEFAULT 0 /**< default pool cleanup */ +#define APR_RESLIST_CLEANUP_FIRST 1 /**< use pool pre cleanup */ + /** * Create a new resource list with the following parameters: * @param reslist An address where the pointer to the new resource @@ -81,15 +80,9 @@ * @param pool The pool from which to create this resource list. Also the * same pool that is passed to the constructor and destructor * routines. - * @warning If you're creating a sub-pool of the pool passed into this - * function in your constructor, you will need to follow some rules - * when it comes to destruction of that sub-pool, as calling - * apr_pool_destroy() outright on it in your destructor may create - * double free situations. That is because by the time destructor is - * called, the sub-pool may have already been destroyed. This also - * means that in the destructor, memory from the sub-pool should be - * treated as invalid. For examples of how to do this correctly, see - * mod_dbd of Apache 2.2 and memcache support in APR Util 1.3. + * @remark If APR has been compiled without thread support, hmax will be + * automatically set to 1 and values of min and smax will be forced to + * 1 for any non-zero value. */ APU_DECLARE(apr_status_t) apr_reslist_create(apr_reslist_t **reslist, int min, int smax, int hmax, @@ -149,13 +142,33 @@ APU_DECLARE(apr_status_t) apr_reslist_invalidate(apr_reslist_t *reslist, void *resource); +/** + * Perform routine maintenance on the resource list. This call + * may instantiate new resources or expire old resources. + * @param reslist The resource list. + */ +APU_DECLARE(apr_status_t) apr_reslist_maintain(apr_reslist_t *reslist); +/** + * Set reslist cleanup order. + * @param reslist The resource list. + * @param mode Cleanup order mode + * <PRE> + * APR_RESLIST_CLEANUP_DEFAULT default pool cleanup order + * APR_RESLIST_CLEANUP_FIRST use pool pre cleanup + * </PRE> + * @remark If APR_RESLIST_CLEANUP_FIRST is used the destructors will + * be called before child pools of the pool used to create the reslist + * are destroyed. This allows to explicitly destroy the child pools + * inside reslist destructors. + */ +APU_DECLARE(void) apr_reslist_cleanup_order_set(apr_reslist_t *reslist, + apr_uint32_t mode); + #ifdef __cplusplus } #endif /** @} */ -#endif /* APR_HAS_THREADS */ - #endif /* ! APR_RESLIST_H */ Index: apr_crypto.h =================================================================== --- apr_crypto.h (.../1.3.x/include) (revision 0) +++ apr_crypto.h (.../1.4.x/include) (revision 889020) @@ -0,0 +1,462 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef APR_CRYPTO_H +#define APR_CRYPTO_H + +#include "apu.h" +#include "apr_pools.h" +#include "apr_tables.h" +#include "apu_errno.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @file apr_crypto.h + * @brief APR-UTIL Crypto library + */ +/** + * @defgroup APR_Util_Crypto Crypto routines + * @ingroup APR_Util + * @{ + */ + +/** CA certificate type unknown */ +#define APR_CRYPTO_CA_TYPE_UNKNOWN 0 +/** binary DER encoded CA certificate */ +#define APR_CRYPTO_CA_TYPE_DER 1 +/** PEM encoded CA certificate */ +#define APR_CRYPTO_CA_TYPE_BASE64 2 +/** Netscape/Mozilla cert7.db CA certificate database */ +#define APR_CRYPTO_CA_TYPE_CERT7_DB 3 +/** Netscape/Mozilla secmod file */ +#define APR_CRYPTO_CA_TYPE_SECMOD 4 +/** Client certificate type unknown */ +#define APR_CRYPTO_CERT_TYPE_UNKNOWN 5 +/** binary DER encoded client certificate */ +#define APR_CRYPTO_CERT_TYPE_DER 6 +/** PEM encoded client certificate */ +#define APR_CRYPTO_CERT_TYPE_BASE64 7 +/** Netscape/Mozilla key3.db client certificate database */ +#define APR_CRYPTO_CERT_TYPE_KEY3_DB 8 +/** Netscape/Mozilla client certificate nickname */ +#define APR_CRYPTO_CERT_TYPE_NICKNAME 9 +/** Private key type unknown */ +#define APR_CRYPTO_KEY_TYPE_UNKNOWN 10 +/** binary DER encoded private key */ +#define APR_CRYPTO_KEY_TYPE_DER 11 +/** PEM encoded private key */ +#define APR_CRYPTO_KEY_TYPE_BASE64 12 +/** PKCS#12 encoded client certificate */ +#define APR_CRYPTO_CERT_TYPE_PFX 13 +/** PKCS#12 encoded private key */ +#define APR_CRYPTO_KEY_TYPE_PFX 14 +/** Openldap directory full of base64-encoded cert + * authorities with hashes in corresponding .0 directory + */ +#define APR_CRYPTO_CA_TYPE_CACERTDIR_BASE64 15 +/** CMS Key Database with private key and cert chain */ +#define APR_CRYPTO_CA_TYPE_CMS 16 +/** Symmetrical key */ +#define APR_CRYPTO_KEY_TYPE_SYM 17 +/** Netscape/Mozilla certificate database directory */ +#define APR_CRYPTO_CA_TYPE_DIR 18 +/** Crypto engine */ +#define APR_CRYPTO_ENGINE 101 + +#if APU_HAVE_CRYPTO + +#ifndef APU_CRYPTO_RECOMMENDED_DRIVER +#if APU_HAVE_OPENSSL +#define APU_CRYPTO_RECOMMENDED_DRIVER "openssl" +#else +#if APU_HAVE_NSS +#define APU_CRYPTO_RECOMMENDED_DRIVER "nss" +#else +#if APU_HAVE_MSCNG +#define APU_CRYPTO_RECOMMENDED_DRIVER "mscng" +#else +#if APU_HAVE_MSCAPI +#define APU_CRYPTO_RECOMMENDED_DRIVER "mscapi" +#else +#endif +#endif +#endif +#endif +#endif + +/** + * Symmetric Key types understood by the library. + * + * NOTE: It is expected that this list will grow over time. + * + * Interoperability Matrix: + * + * The matrix is based on the testcrypto.c unit test, which attempts to + * test whether a simple encrypt/decrypt will succeed, as well as testing + * whether an encrypted string by one library can be decrypted by the + * others. + * + * Some libraries will successfully encrypt and decrypt their own data, + * but won't decrypt data from another library. It is hoped that over + * time these anomalies will be found and fixed, but until then it is + * recommended that ciphers are chosen that interoperate across platform. + * + * An X below means the test passes, it does not necessarily mean that + * encryption performed is correct or secure. Applications should stick + * to ciphers that pass the interoperablity tests on the right hand side + * of the table. + * + * Aligned data is data whose length is a multiple of the block size for + * the chosen cipher. Padded data is data that is not aligned by block + * size and must be padded by the crypto library. + * + * OpenSSL NSS Interop + * Align Pad Align Pad Align Pad + * 3DES_192/CBC X X X X X X + * 3DES_192/ECB X X + * AES_256/CBC X X X X X X + * AES_256/ECB X X X X + * AES_192/CBC X X X X + * AES_192/ECB X X X + * AES_128/CBC X X X X + * AES_128/ECB X X X + * + * Conclusion: for padded data, use 3DES_192/CBC or AES_256/CBC. For + * aligned data, use 3DES_192/CBC, AES_256/CBC or AES_256/ECB. + */ + +typedef enum { + KEY_NONE, KEY_3DES_192, /** 192 bit (3-Key) 3DES */ + KEY_AES_128, /** 128 bit AES */ + KEY_AES_192, /** 192 bit AES */ + KEY_AES_256 +/** 256 bit AES */ +} apr_crypto_block_key_type_e; + +typedef enum { + MODE_NONE, /** An error condition */ + MODE_ECB, /** Electronic Code Book */ + MODE_CBC +/** Cipher Block Chaining */ +} apr_crypto_block_key_mode_e; + +/** + * Certificate and private key structure. + * + * The various crypto backends expect certificates and keys in a wide + * array of formats. This structure is analogous to apr_ldap_opt_tls_cert_t + * from the LDAP interface. Ultimately that interface should be meshed with + * this one. + * @param type Type of certificate APR_CRYPTO_*_TYPE_* + * @param path Path, file or nickname of the certificate + * @param password Optional password, can be NULL + */ +typedef struct apr_crypto_param_t { + int type; + const char *path; + const char *password; +} apr_crypto_param_t; + +/* These are opaque structs. Instantiation is up to each backend */ +typedef struct apr_crypto_driver_t apr_crypto_driver_t; +typedef struct apr_crypto_config_t apr_crypto_config_t; +typedef struct apr_crypto_key_t apr_crypto_key_t; +typedef struct apr_crypto_block_t apr_crypto_block_t; + +/** + * Public factory API, common to all backends. + */ +typedef struct apr_crypto_t { + apr_pool_t *pool; + apu_err_t *result; + apr_array_header_t *keys; + apr_crypto_config_t *config; +} apr_crypto_t; + +/** + * @brief Perform once-only initialisation. Call once only. + * + * @param pool - pool to register any shutdown cleanups, etc + * @return APR_NOTIMPL in case of no crypto support. + */ +APU_DECLARE(apr_status_t) apr_crypto_init(apr_pool_t *pool, + const apr_array_header_t *params); + +/** + * @brief Get the driver struct for a name + * + * @param pool - (process) pool to register cleanup + * @param name - driver name + * @param driver - pointer to driver struct. + * @return APR_SUCCESS for success + * @return APR_ENOTIMPL for no driver (when DSO not enabled) + * @return APR_EDSOOPEN if DSO driver file can't be opened + * @return APR_ESYMNOTFOUND if the driver file doesn't contain a driver + */ +APU_DECLARE(apr_status_t) apr_crypto_get_driver(apr_pool_t *pool, const char *name, + const apr_crypto_driver_t **driver, const apr_array_header_t *params, + const apu_err_t **result); + +/** + * @brief Return the name of the driver. + * + * @param driver - The driver in use. + * @return The name of the driver. + */ +APU_DECLARE(const char *)apr_crypto_driver_name (const apr_crypto_driver_t *driver); + +/** + * @brief Get the result of the last operation on a factory. If the result + * is NULL, the operation was successful. + * @param driver - driver to use + * @param factory - factory pointer will be written here + * @param result - the result structure + * @return APR_SUCCESS for success + */ +APU_DECLARE(apr_status_t) apr_crypto_error(const apr_crypto_t *f, + const apu_err_t **result); + +/** + * @brief Create a context for supporting encryption. Keys, certificates, + * algorithms and other parameters will be set per context. More than + * one context can be created at one time. A cleanup will be automatically + * registered with the given pool to guarantee a graceful shutdown. + * @param driver - driver to use + * @param pool - process pool + * @param params - array of key parameters + * @param factory - factory pointer will be written here + * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE + * if the engine cannot be initialised. + */ +APU_DECLARE(apr_status_t) apr_crypto_factory(const apr_crypto_driver_t *driver, + apr_pool_t *pool, const apr_array_header_t *params, apr_crypto_t **f); + +/** + * @brief Create a key from the given passphrase. By default, the PBKDF2 + * algorithm is used to generate the key from the passphrase. It is expected + * that the same pass phrase will generate the same key, regardless of the + * backend crypto platform used. The key is cleaned up when the context + * is cleaned, and may be reused with multiple encryption or decryption + * operations. + * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If + * *key is not NULL, *key must point at a previously created structure. + * @param driver - driver to use + * @param p The pool to use. + * @param f The context to use. + * @param pass The passphrase to use. + * @param passLen The passphrase length in bytes + * @param salt The salt to use. + * @param saltLen The salt length in bytes + * @param type 3DES_192, AES_128, AES_192, AES_256. + * @param mode Electronic Code Book / Cipher Block Chaining. + * @param doPad Pad if necessary. + * @param key The key returned, see note. + * @param ivSize The size of the initialisation vector will be returned, based + * on whether an IV is relevant for this type of crypto. + * @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend + * error occurred while generating the key. APR_ENOCIPHER if the type or mode + * is not supported by the particular backend. APR_EKEYTYPE if the key type is + * not known. APR_EPADDING if padding was requested but is not supported. + * APR_ENOTIMPL if not implemented. + */ +APU_DECLARE(apr_status_t) apr_crypto_passphrase(const apr_crypto_driver_t *driver, + apr_pool_t *p, const apr_crypto_t *f, const char *pass, + apr_size_t passLen, const unsigned char * salt, apr_size_t saltLen, + const apr_crypto_block_key_type_e type, + const apr_crypto_block_key_mode_e mode, const int doPad, + const int iterations, apr_crypto_key_t **key, apr_size_t *ivSize); + +/** + * @brief Initialise a context for encrypting arbitrary data using the given key. + * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If + * *ctx is not NULL, *ctx must point at a previously created structure. + * @param driver - driver to use + * @param p The pool to use. + * @param f The block factory to use. + * @param key The key structure to use. + * @param iv Optional initialisation vector. If the buffer pointed to is NULL, + * an IV will be created at random, in space allocated from the pool. + * If the buffer pointed to is not NULL, the IV in the buffer will be + * used. + * @param ctx The block context returned, see note. + * @param blockSize The block size of the cipher. + * @return Returns APR_ENOIV if an initialisation vector is required but not specified. + * Returns APR_EINIT if the backend failed to initialise the context. Returns + * APR_ENOTIMPL if not implemented. + */ +APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_init( + const apr_crypto_driver_t *driver, apr_pool_t *p, + const apr_crypto_t *f, const apr_crypto_key_t *key, + const unsigned char **iv, apr_crypto_block_t **ctx, + apr_size_t *blockSize); + +/** + * @brief Encrypt data provided by in, write it to out. + * @note The number of bytes written will be written to outlen. If + * out is NULL, outlen will contain the maximum size of the + * buffer needed to hold the data, including any data + * generated by apr_crypto_block_encrypt_finish below. If *out points + * to NULL, a buffer sufficiently large will be created from + * the pool provided. If *out points to a not-NULL value, this + * value will be used as a buffer instead. + * @param driver - driver to use + * @param ctx The block context to use. + * @param out Address of a buffer to which data will be written, + * see note. + * @param outlen Length of the output will be written here. + * @param in Address of the buffer to read. + * @param inlen Length of the buffer to read. + * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if + * not implemented. + */ +APU_DECLARE(apr_status_t) apr_crypto_block_encrypt( + const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx, + unsigned char **out, apr_size_t *outlen, const unsigned char *in, + apr_size_t inlen); + +/** + * @brief Encrypt final data block, write it to out. + * @note If necessary the final block will be written out after being + * padded. Typically the final block will be written to the + * same buffer used by apr_crypto_block_encrypt, offset by the + * number of bytes returned as actually written by the + * apr_crypto_block_encrypt() call. After this call, the context + * is cleaned and can be reused by apr_crypto_block_encrypt_init(). + * @param driver - driver to use + * @param ctx The block context to use. + * @param out Address of a buffer to which data will be written. This + * buffer must already exist, and is usually the same + * buffer used by apr_evp_crypt(). See note. + * @param outlen Length of the output will be written here. + * @return APR_ECRYPT if an error occurred. + * @return APR_EPADDING if padding was enabled and the block was incorrectly + * formatted. + * @return APR_ENOTIMPL if not implemented. + */ +APU_DECLARE(apr_status_t) apr_crypto_block_encrypt_finish( + const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx, + unsigned char *out, apr_size_t *outlen); + +/** + * @brief Initialise a context for decrypting arbitrary data using the given key. + * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If + * *ctx is not NULL, *ctx must point at a previously created structure. + * @param driver - driver to use + * @param p The pool to use. + * @param f The block factory to use. + * @param key The key structure to use. + * @param iv Optional initialisation vector. + * @param ctx The block context returned, see note. + * @param blockSize The block size of the cipher. + * @return Returns APR_ENOIV if an initialisation vector is required but not specified. + * Returns APR_EINIT if the backend failed to initialise the context. Returns + * APR_ENOTIMPL if not implemented. + */ +APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_init( + const apr_crypto_driver_t *driver, apr_pool_t *p, + const apr_crypto_t *f, const apr_crypto_key_t *key, + const unsigned char *iv, apr_crypto_block_t **ctx, + apr_size_t *blockSize); + +/** + * @brief Decrypt data provided by in, write it to out. + * @note The number of bytes written will be written to outlen. If + * out is NULL, outlen will contain the maximum size of the + * buffer needed to hold the data, including any data + * generated by apr_crypto_block_decrypt_finish below. If *out points + * to NULL, a buffer sufficiently large will be created from + * the pool provided. If *out points to a not-NULL value, this + * value will be used as a buffer instead. + * @param driver - driver to use + * @param ctx The block context to use. + * @param out Address of a buffer to which data will be written, + * see note. + * @param outlen Length of the output will be written here. + * @param in Address of the buffer to read. + * @param inlen Length of the buffer to read. + * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if + * not implemented. + */ +APU_DECLARE(apr_status_t) apr_crypto_block_decrypt( + const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx, + unsigned char **out, apr_size_t *outlen, const unsigned char *in, + apr_size_t inlen); + +/** + * @brief Decrypt final data block, write it to out. + * @note If necessary the final block will be written out after being + * padded. Typically the final block will be written to the + * same buffer used by apr_crypto_block_decrypt, offset by the + * number of bytes returned as actually written by the + * apr_crypto_block_decrypt() call. After this call, the context + * is cleaned and can be reused by apr_crypto_block_decrypt_init(). + * @param driver - driver to use + * @param ctx The block context to use. + * @param out Address of a buffer to which data will be written. This + * buffer must already exist, and is usually the same + * buffer used by apr_evp_crypt(). See note. + * @param outlen Length of the output will be written here. + * @return APR_ECRYPT if an error occurred. + * @return APR_EPADDING if padding was enabled and the block was incorrectly + * formatted. + * @return APR_ENOTIMPL if not implemented. + */ +APU_DECLARE(apr_status_t) apr_crypto_block_decrypt_finish( + const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx, + unsigned char *out, apr_size_t *outlen); + +/** + * @brief Clean encryption / decryption context. + * @note After cleanup, a context is free to be reused if necessary. + * @param driver - driver to use + * @param ctx The block context to use. + * @return Returns APR_ENOTIMPL if not supported. + */ +APU_DECLARE(apr_status_t) apr_crypto_block_cleanup( + const apr_crypto_driver_t *driver, apr_crypto_block_t *ctx); + +/** + * @brief Clean encryption / decryption factory. + * @note After cleanup, a factory is free to be reused if necessary. + * @param driver - driver to use + * @param f The factory to use. + * @return Returns APR_ENOTIMPL if not supported. + */ +APU_DECLARE(apr_status_t) apr_crypto_cleanup(const apr_crypto_driver_t *driver, + apr_crypto_t *f); + +/** + * @brief Shutdown the crypto library. + * @note After shutdown, it is expected that the init function can be called again. + * @param driver - driver to use + * @param p The pool to use. + * @return Returns APR_ENOTIMPL if not supported. + */ +APU_DECLARE(apr_status_t) apr_crypto_shutdown(const apr_crypto_driver_t *driver, + apr_pool_t *p); + +#endif /* APU_HAVE_CRYPTO */ + +/** @} */ + +#ifdef __cplusplus +} +#endif + +#endif Property changes on: apr_crypto.h ___________________________________________________________________ Name: svn:eol-style + native Index: apr_hooks.h =================================================================== --- apr_hooks.h (.../1.3.x/include) (revision 889020) +++ apr_hooks.h (.../1.4.x/include) (revision 889020) @@ -21,6 +21,23 @@ /* For apr_array_header_t */ #include "apr_tables.h" +#ifdef APR_DTRACE_PROVIDER +#include <sys/sdt.h> +#ifndef OLD_DTRACE_PROBE +#define OLD_DTRACE_PROBE(name) __dtrace_ap___##name() +#endif +#ifndef OLD_DTRACE_PROBE1 +#define OLD_DTRACE_PROBE1(name,a) __dtrace_ap___##name(a) +#endif +#ifndef OLD_DTRACE_PROBE2 +#define OLD_DTRACE_PROBE2(name,a,b) __dtrace_ap___##name(a,b) +#endif +#else +#define OLD_DTRACE_PROBE(a) +#define OLD_DTRACE_PROBE1(a,b) +#define OLD_DTRACE_PROBE2(a,b,c) +#endif + /** * @file apr_hooks.h * @brief Apache hook functions @@ -107,12 +124,21 @@ ns##_LINK_##name##_t *pHook; \ int n; \ \ - if(!_hooks.link_##name) \ - return; \ + OLD_DTRACE_PROBE(name##__entry); \ \ - pHook=(ns##_LINK_##name##_t *)_hooks.link_##name->elts; \ - for(n=0 ; n < _hooks.link_##name->nelts ; ++n) \ - pHook[n].pFunc args_use; \ + if(_hooks.link_##name) \ + { \ + pHook=(ns##_LINK_##name##_t *)_hooks.link_##name->elts; \ + for(n=0 ; n < _hooks.link_##name->nelts ; ++n) \ + { \ + OLD_DTRACE_PROBE1(name##__dispatch__invoke, (char *)pHook[n].szName); \ + pHook[n].pFunc args_use; \ + OLD_DTRACE_PROBE2(name##__dispatch__complete, (char *)pHook[n].szName, 0); \ + } \ + } \ +\ + OLD_DTRACE_PROBE1(name##__return, 0); \ +\ } /* FIXME: note that this returns ok when nothing is run. I suspect it should @@ -139,20 +165,27 @@ { \ ns##_LINK_##name##_t *pHook; \ int n; \ - ret rv; \ + ret rv = ok; \ \ - if(!_hooks.link_##name) \ - return ok; \ + OLD_DTRACE_PROBE(name##__entry); \ \ - pHook=(ns##_LINK_##name##_t *)_hooks.link_##name->elts; \ - for(n=0 ; n < _hooks.link_##name->nelts ; ++n) \ - { \ - rv=pHook[n].pFunc args_use; \ + if(_hooks.link_##name) \ + { \ + pHook=(ns##_LINK_##name##_t *)_hooks.link_##name->elts; \ + for(n=0 ; n < _hooks.link_##name->nelts ; ++n) \ + { \ + OLD_DTRACE_PROBE1(name##__dispatch__invoke, (char *)pHook[n].szName); \ + rv=pHook[n].pFunc args_use; \ + OLD_DTRACE_PROBE2(name##__dispatch__complete, (char *)pHook[n].szName, rv); \ + if(rv != ok && rv != decline) \ + break; \ + rv = ok; \ + } \ + } \ \ - if(rv != ok && rv != decline) \ - return rv; \ - } \ - return ok; \ + OLD_DTRACE_PROBE1(name##__return, rv); \ +\ + return rv; \ } @@ -176,20 +209,27 @@ { \ ns##_LINK_##name##_t *pHook; \ int n; \ - ret rv; \ + ret rv = decline; \ \ - if(!_hooks.link_##name) \ - return decline; \ + OLD_DTRACE_PROBE(name##__entry); \ \ - pHook=(ns##_LINK_##name##_t *)_hooks.link_##name->elts; \ - for(n=0 ; n < _hooks.link_##name->nelts ; ++n) \ - { \ - rv=pHook[n].pFunc args_use; \ + if(_hooks.link_##name) \ + { \ + pHook=(ns##_LINK_##name##_t *)_hooks.link_##name->elts; \ + for(n=0 ; n < _hooks.link_##name->nelts ; ++n) \ + { \ + OLD_DTRACE_PROBE1(name##__dispatch__invoke, (char *)pHook[n].szName); \ + rv=pHook[n].pFunc args_use; \ + OLD_DTRACE_PROBE2(name##__dispatch__complete, (char *)pHook[n].szName, rv); \ \ - if(rv != decline) \ - return rv; \ - } \ - return decline; \ + if(rv != decline) \ + break; \ + } \ + } \ +\ + OLD_DTRACE_PROBE1(name##__return, rv); \ +\ + return rv; \ } /* Hook orderings */
