From 53d422e9de39c46e59a49e63098f6fdd5a4d2e2d Mon Sep 17 00:00:00 2001 From: Breno Silva Date: Tue, 30 Oct 2012 18:02:22 -0400 Subject: [PATCH] Change names of HMAC feature to HASH --- CHANGES | 2 + apache2/apache2_config.c | 116 +++++++++++++++++++-------------------- apache2/apache2_io.c | 6 +- apache2/modsecurity.h | 40 +++++++------- apache2/msc_crypt.c | 100 ++++++++++++++++----------------- apache2/re_actions.c | 32 +++++------ apache2/re_operators.c | 26 ++++----- 7 files changed, 162 insertions(+), 160 deletions(-) diff --git a/CHANGES b/CHANGES index 61ec970e..12412e53 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ 29 Oct 2012 - 2.7.1 ------------------- + * Changed "Encryption" name of directives and options related to hmac feature to "Hash". + * Added a better random bytes generator using apr_generate_random_bytes() to create the HMAC key. diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c index 45f1587f..d60964a4 100644 --- a/apache2/apache2_config.c +++ b/apache2/apache2_config.c @@ -67,7 +67,7 @@ void *create_directory_config(apr_pool_t *mp, char *path) dcfg->rule_inheritance = NOT_SET; dcfg->rule_exceptions = apr_array_make(mp, 16, sizeof(rule_exception *)); - dcfg->encryption_method = apr_array_make(mp, 16, sizeof(encryption_method *)); + dcfg->hash_method = apr_array_make(mp, 16, sizeof(hash_method *)); /* audit log variables */ dcfg->auditlog_flag = NOT_SET; @@ -139,8 +139,8 @@ void *create_directory_config(apr_pool_t *mp, char *path) dcfg->crypto_key_len = NOT_SET; dcfg->crypto_key_add = NOT_SET; dcfg->crypto_param_name = NOT_SET_P; - dcfg->encryption_is_enabled = NOT_SET; - dcfg->encryption_enforcement = NOT_SET; + dcfg->hash_is_enabled = NOT_SET; + dcfg->hash_enforcement = NOT_SET; dcfg->crypto_hash_href_rx = NOT_SET; dcfg->crypto_hash_faction_rx = NOT_SET; dcfg->crypto_hash_location_rx = NOT_SET; @@ -446,8 +446,8 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child) merged->rule_exceptions = apr_array_append(mp, parent->rule_exceptions, child->rule_exceptions); - merged->encryption_method = apr_array_append(mp, parent->encryption_method, - child->encryption_method); + merged->hash_method = apr_array_append(mp, parent->hash_method, + child->hash_method); /* audit log variables */ merged->auditlog_flag = (child->auditlog_flag == NOT_SET @@ -552,7 +552,7 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child) merged->col_timeout = (child->col_timeout == NOT_SET ? parent->col_timeout : child->col_timeout); - /* Encryption */ + /* Hash */ merged->crypto_key = (child->crypto_key == NOT_SET_P ? parent->crypto_key : child->crypto_key); merged->crypto_key_len = (child->crypto_key_len == NOT_SET @@ -561,10 +561,10 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child) ? parent->crypto_key_add : child->crypto_key_add); merged->crypto_param_name = (child->crypto_param_name == NOT_SET_P ? parent->crypto_param_name : child->crypto_param_name); - merged->encryption_is_enabled = (child->encryption_is_enabled == NOT_SET - ? parent->encryption_is_enabled : child->encryption_is_enabled); - merged->encryption_enforcement = (child->encryption_enforcement == NOT_SET - ? parent->encryption_enforcement : child->encryption_enforcement); + merged->hash_is_enabled = (child->hash_is_enabled == NOT_SET + ? parent->hash_is_enabled : child->hash_is_enabled); + merged->hash_enforcement = (child->hash_enforcement == NOT_SET + ? parent->hash_enforcement : child->hash_enforcement); merged->crypto_hash_href_rx = (child->crypto_hash_href_rx == NOT_SET ? parent->crypto_hash_href_rx : child->crypto_hash_href_rx); merged->crypto_hash_faction_rx = (child->crypto_hash_faction_rx == NOT_SET @@ -687,13 +687,13 @@ void init_directory_config(directory_config *dcfg) if (dcfg->col_timeout == NOT_SET) dcfg->col_timeout = 3600; - /* Encryption */ + /* Hash */ if (dcfg->crypto_key == NOT_SET_P) dcfg->crypto_key = getkey(dcfg->mp); if (dcfg->crypto_key_len == NOT_SET) dcfg->crypto_key_len = strlen(dcfg->crypto_key); - if (dcfg->crypto_key_add == NOT_SET) dcfg->crypto_key_add = ENCRYPTION_KEYONLY; + if (dcfg->crypto_key_add == NOT_SET) dcfg->crypto_key_add = HASH_KEYONLY; if (dcfg->crypto_param_name == NOT_SET_P) dcfg->crypto_param_name = "crypt"; - if (dcfg->encryption_is_enabled == NOT_SET) dcfg->encryption_is_enabled = ENCRYPTION_DISABLED; - if (dcfg->encryption_enforcement == NOT_SET) dcfg->encryption_enforcement = ENCRYPTION_DISABLED; + if (dcfg->hash_is_enabled == NOT_SET) dcfg->hash_is_enabled = HASH_DISABLED; + if (dcfg->hash_enforcement == NOT_SET) dcfg->hash_enforcement = HASH_DISABLED; if (dcfg->crypto_hash_href_rx == NOT_SET) dcfg->crypto_hash_href_rx = 0; if (dcfg->crypto_hash_faction_rx == NOT_SET) dcfg->crypto_hash_faction_rx = 0; if (dcfg->crypto_hash_location_rx == NOT_SET) dcfg->crypto_hash_location_rx = 0; @@ -2255,7 +2255,7 @@ static const char *cmd_sensor_id(cmd_parms *cmd, void *_dcfg, const char *p1) /** -* \brief Add SecEncryption configuration option +* \brief Add SecHash configuration option * * \param cmd Pointer to configuration data * \param _dcfg Pointer to directory configuration @@ -2264,18 +2264,18 @@ static const char *cmd_sensor_id(cmd_parms *cmd, void *_dcfg, const char *p1) * \retval NULL On failure * \retval apr_psprintf On Success */ -static const char *cmd_encryption_engine(cmd_parms *cmd, void *_dcfg, const char *p1) +static const char *cmd_hash_engine(cmd_parms *cmd, void *_dcfg, const char *p1) { directory_config *dcfg = (directory_config *)_dcfg; if (dcfg == NULL) return NULL; if (strcasecmp(p1, "on") == 0) { - dcfg->encryption_is_enabled = ENCRYPTION_ENABLED; - dcfg->encryption_enforcement = ENCRYPTION_ENABLED; + dcfg->hash_is_enabled = HASH_ENABLED; + dcfg->hash_enforcement = HASH_ENABLED; } else if (strcasecmp(p1, "off") == 0) { - dcfg->encryption_is_enabled = ENCRYPTION_DISABLED; - dcfg->encryption_enforcement = ENCRYPTION_DISABLED; + dcfg->hash_is_enabled = HASH_DISABLED; + dcfg->hash_enforcement = HASH_DISABLED; } else return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecRuleEngine: %s", p1); @@ -2283,7 +2283,7 @@ static const char *cmd_encryption_engine(cmd_parms *cmd, void *_dcfg, const char } /** -* \brief Add SecEncryptionPram configuration option +* \brief Add SecHashPram configuration option * * \param cmd Pointer to configuration data * \param _dcfg Pointer to directory configuration @@ -2291,7 +2291,7 @@ static const char *cmd_encryption_engine(cmd_parms *cmd, void *_dcfg, const char * * \retval NULL On success */ -static const char *cmd_encryption_param(cmd_parms *cmd, void *_dcfg, const char *p1) +static const char *cmd_hash_param(cmd_parms *cmd, void *_dcfg, const char *p1) { directory_config *dcfg = (directory_config *)_dcfg; @@ -2304,7 +2304,7 @@ static const char *cmd_encryption_param(cmd_parms *cmd, void *_dcfg, const char } /** -* \brief Add SecEncryptionKey configuration option +* \brief Add SecHashKey configuration option * * \param cmd Pointer to configuration data * \param _dcfg Pointer to directory configuration @@ -2313,7 +2313,7 @@ static const char *cmd_encryption_param(cmd_parms *cmd, void *_dcfg, const char * * \retval NULL On success */ -static const char *cmd_encryption_key(cmd_parms *cmd, void *_dcfg, const char *_p1, const char *_p2) +static const char *cmd_hash_key(cmd_parms *cmd, void *_dcfg, const char *_p1, const char *_p2) { directory_config *dcfg = (directory_config *)_dcfg; char *p1 = NULL; @@ -2335,17 +2335,17 @@ static const char *cmd_encryption_key(cmd_parms *cmd, void *_dcfg, const char *_ return NULL; } else { if (strcasecmp(_p2, "KeyOnly") == 0) - dcfg->crypto_key_add = ENCRYPTION_KEYONLY; + dcfg->crypto_key_add = HASH_KEYONLY; else if (strcasecmp(_p2, "SessionID") == 0) - dcfg->crypto_key_add = ENCRYPTION_SESSIONID; + dcfg->crypto_key_add = HASH_SESSIONID; else if (strcasecmp(_p2, "RemoteIP") == 0) - dcfg->crypto_key_add = ENCRYPTION_REMOTEIP; + dcfg->crypto_key_add = HASH_REMOTEIP; } return NULL; } /** -* \brief Add SecEncryptionMethodPm configuration option +* \brief Add SecHashMethodPm configuration option * * \param cmd Pointer to configuration data * \param _dcfg Pointer to directory configuration @@ -2355,11 +2355,11 @@ static const char *cmd_encryption_key(cmd_parms *cmd, void *_dcfg, const char *_ * \retval NULL On failure * \retval apr_psprintf On Success */ -static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg, +static const char *cmd_hash_method_pm(cmd_parms *cmd, void *_dcfg, const char *p1, const char *p2) { directory_config *dcfg = (directory_config *)_dcfg; - rule_exception *re = apr_pcalloc(cmd->pool, sizeof(encryption_method)); + rule_exception *re = apr_pcalloc(cmd->pool, sizeof(hash_method)); const char *_p2 = apr_pstrdup(cmd->pool, p2); ACMP *p = NULL; const char *phrase = NULL; @@ -2385,7 +2385,7 @@ static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg, acmp_prepare(p); if (strcasecmp(p1, "HashHref") == 0) { - re->type = ENCRYPTION_URL_HREF_HASH_PM; + re->type = HASH_URL_HREF_HASH_PM; re->param = _p2; re->param_data = (void *)p; if (re->param_data == NULL) { @@ -2394,7 +2394,7 @@ static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg, dcfg->crypto_hash_href_pm = 1; } else if (strcasecmp(p1, "HashFormAction") == 0) { - re->type = ENCRYPTION_URL_FACTION_HASH_PM; + re->type = HASH_URL_FACTION_HASH_PM; re->param = _p2; re->param_data = (void *)p; if (re->param_data == NULL) { @@ -2403,7 +2403,7 @@ static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg, dcfg->crypto_hash_faction_pm = 1; } else if (strcasecmp(p1, "HashLocation") == 0) { - re->type = ENCRYPTION_URL_LOCATION_HASH_PM; + re->type = HASH_URL_LOCATION_HASH_PM; re->param = _p2; re->param_data = (void *)p; if (re->param_data == NULL) { @@ -2412,7 +2412,7 @@ static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg, dcfg->crypto_hash_location_pm = 1; } else if (strcasecmp(p1, "HashIframeSrc") == 0) { - re->type = ENCRYPTION_URL_IFRAMESRC_HASH_PM; + re->type = HASH_URL_IFRAMESRC_HASH_PM; re->param = _p2; re->param_data = (void *)p; if (re->param_data == NULL) { @@ -2421,7 +2421,7 @@ static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg, dcfg->crypto_hash_iframesrc_pm = 1; } else if (strcasecmp(p1, "HashFrameSrc") == 0) { - re->type = ENCRYPTION_URL_FRAMESRC_HASH_PM; + re->type = HASH_URL_FRAMESRC_HASH_PM; re->param = _p2; re->param_data = (void *)p; if (re->param_data == NULL) { @@ -2430,13 +2430,13 @@ static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg, dcfg->crypto_hash_framesrc_pm = 1; } - *(encryption_method **)apr_array_push(dcfg->encryption_method) = re; + *(hash_method **)apr_array_push(dcfg->hash_method) = re; return NULL; } /** - * \brief Add SecEncryptionMethodRx configuration option + * \brief Add SecHashMethodRx configuration option * * \param cmd Pointer to configuration data * \param _dcfg Pointer to directory configuration @@ -2446,16 +2446,16 @@ static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg, * \retval NULL On failure * \retval apr_psprintf On Success */ -static const char *cmd_encryption_method_rx(cmd_parms *cmd, void *_dcfg, +static const char *cmd_hash_method_rx(cmd_parms *cmd, void *_dcfg, const char *p1, const char *p2) { directory_config *dcfg = (directory_config *)_dcfg; - rule_exception *re = apr_pcalloc(cmd->pool, sizeof(encryption_method)); + rule_exception *re = apr_pcalloc(cmd->pool, sizeof(hash_method)); const char *_p2 = apr_pstrdup(cmd->pool, p2); if (dcfg == NULL) return NULL; if (strcasecmp(p1, "HashHref") == 0) { - re->type = ENCRYPTION_URL_HREF_HASH_RX; + re->type = HASH_URL_HREF_HASH_RX; re->param = _p2; re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL); if (re->param_data == NULL) { @@ -2464,7 +2464,7 @@ static const char *cmd_encryption_method_rx(cmd_parms *cmd, void *_dcfg, dcfg->crypto_hash_href_rx = 1; } else if (strcasecmp(p1, "HashFormAction") == 0) { - re->type = ENCRYPTION_URL_FACTION_HASH_RX; + re->type = HASH_URL_FACTION_HASH_RX; re->param = _p2; re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL); if (re->param_data == NULL) { @@ -2473,7 +2473,7 @@ static const char *cmd_encryption_method_rx(cmd_parms *cmd, void *_dcfg, dcfg->crypto_hash_faction_rx = 1; } else if (strcasecmp(p1, "HashLocation") == 0) { - re->type = ENCRYPTION_URL_LOCATION_HASH_RX; + re->type = HASH_URL_LOCATION_HASH_RX; re->param = _p2; re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL); if (re->param_data == NULL) { @@ -2482,7 +2482,7 @@ static const char *cmd_encryption_method_rx(cmd_parms *cmd, void *_dcfg, dcfg->crypto_hash_location_rx = 1; } else if (strcasecmp(p1, "HashIframeSrc") == 0) { - re->type = ENCRYPTION_URL_IFRAMESRC_HASH_RX; + re->type = HASH_URL_IFRAMESRC_HASH_RX; re->param = _p2; re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL); if (re->param_data == NULL) { @@ -2491,7 +2491,7 @@ static const char *cmd_encryption_method_rx(cmd_parms *cmd, void *_dcfg, dcfg->crypto_hash_iframesrc_rx = 1; } else if (strcasecmp(p1, "HashFrameSrc") == 0) { - re->type = ENCRYPTION_URL_FRAMESRC_HASH_RX; + re->type = HASH_URL_FRAMESRC_HASH_RX; re->param = _p2; re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL); if (re->param_data == NULL) { @@ -2500,7 +2500,7 @@ static const char *cmd_encryption_method_rx(cmd_parms *cmd, void *_dcfg, dcfg->crypto_hash_framesrc_rx = 1; } - *(encryption_method **)apr_array_push(dcfg->encryption_method) = re; + *(hash_method **)apr_array_push(dcfg->hash_method) = re; return NULL; } @@ -3203,19 +3203,19 @@ const command_rec module_directives[] = { ), AP_INIT_TAKE2 ( - "SecEncryptionMethodPm", - cmd_encryption_method_pm, + "SecHashMethodPm", + cmd_hash_method_pm, NULL, CMD_SCOPE_ANY, - "Encryption method and pattern" + "Hash method and pattern" ), AP_INIT_TAKE2 ( - "SecEncryptionMethodRx", - cmd_encryption_method_rx, + "SecHashMethodRx", + cmd_hash_method_rx, NULL, CMD_SCOPE_ANY, - "Encryption method and regex" + "Hash method and regex" ), AP_INIT_TAKE2 ( @@ -3324,27 +3324,27 @@ const command_rec module_directives[] = { ), AP_INIT_TAKE1 ( - "SecEncryptionEngine", - cmd_encryption_engine, + "SecHashEngine", + cmd_hash_engine, NULL, CMD_SCOPE_ANY, "On or Off" ), AP_INIT_TAKE2 ( - "SecEncryptionKey", - cmd_encryption_key, + "SecHashKey", + cmd_hash_key, NULL, CMD_SCOPE_ANY, "Set Encrytion key" ), AP_INIT_TAKE1 ( - "SecEncryptionParam", - cmd_encryption_param, + "SecHashParam", + cmd_hash_param, NULL, CMD_SCOPE_ANY, - "Set Encryption parameter" + "Set Hash parameter" ), { NULL } diff --git a/apache2/apache2_io.c b/apache2/apache2_io.c index 980acaf3..71900f03 100644 --- a/apache2/apache2_io.c +++ b/apache2/apache2_io.c @@ -577,7 +577,7 @@ static int flatten_response_body(modsec_rec *msr) { msr->resbody_data[msr->resbody_length] = '\0'; msr->resbody_status = RESBODY_STATUS_READ; - if (msr->txcfg->stream_outbody_inspection && msr->txcfg->encryption_is_enabled == ENCRYPTION_DISABLED) { + if (msr->txcfg->stream_outbody_inspection && msr->txcfg->hash_is_enabled == HASH_DISABLED) { msr->stream_output_length = msr->resbody_length; @@ -590,7 +590,7 @@ static int flatten_response_body(modsec_rec *msr) { memset(msr->stream_output_data, 0, msr->stream_output_length+1); strncpy(msr->stream_output_data, msr->resbody_data, msr->stream_output_length); msr->stream_output_data[msr->stream_output_length] = '\0'; - } else if (msr->txcfg->stream_outbody_inspection && msr->txcfg->encryption_is_enabled == ENCRYPTION_ENABLED) { + } else if (msr->txcfg->stream_outbody_inspection && msr->txcfg->hash_is_enabled == HASH_ENABLED) { int retval = 0; apr_time_t time1 = apr_time_now(); @@ -601,7 +601,7 @@ static int flatten_response_body(modsec_rec *msr) { if(retval > 0) { retval = inject_encrypted_response_body(msr, retval); if (msr->txcfg->debuglog_level >= 4) { - msr_log(msr, 4, "Encryption completed in %" APR_TIME_T_FMT " usec.", (apr_time_now() - time1)); + msr_log(msr, 4, "Hash completed in %" APR_TIME_T_FMT " usec.", (apr_time_now() - time1)); } } diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h index 5fb01e86..8eb8af88 100644 --- a/apache2/modsecurity.h +++ b/apache2/modsecurity.h @@ -23,7 +23,7 @@ #include typedef struct rule_exception rule_exception; -typedef struct rule_exception encryption_method; +typedef struct rule_exception hash_method; typedef struct modsec_rec modsec_rec; typedef struct directory_config directory_config; typedef struct error_message_t error_message_t; @@ -182,23 +182,23 @@ extern DSOLOCAL int *unicode_map_table; #define MODSEC_DETECTION_ONLY 1 #define MODSEC_ENABLED 2 -#define ENCRYPTION_DISABLED 0 -#define ENCRYPTION_ENABLED 1 +#define HASH_DISABLED 0 +#define HASH_ENABLED 1 -#define ENCRYPTION_URL_HREF_HASH_RX 0 -#define ENCRYPTION_URL_HREF_HASH_PM 1 -#define ENCRYPTION_URL_FACTION_HASH_RX 2 -#define ENCRYPTION_URL_FACTION_HASH_PM 3 -#define ENCRYPTION_URL_LOCATION_HASH_RX 4 -#define ENCRYPTION_URL_LOCATION_HASH_PM 5 -#define ENCRYPTION_URL_IFRAMESRC_HASH_RX 6 -#define ENCRYPTION_URL_IFRAMESRC_HASH_PM 7 -#define ENCRYPTION_URL_FRAMESRC_HASH_RX 8 -#define ENCRYPTION_URL_FRAMESRC_HASH_PM 9 +#define HASH_URL_HREF_HASH_RX 0 +#define HASH_URL_HREF_HASH_PM 1 +#define HASH_URL_FACTION_HASH_RX 2 +#define HASH_URL_FACTION_HASH_PM 3 +#define HASH_URL_LOCATION_HASH_RX 4 +#define HASH_URL_LOCATION_HASH_PM 5 +#define HASH_URL_IFRAMESRC_HASH_RX 6 +#define HASH_URL_IFRAMESRC_HASH_PM 7 +#define HASH_URL_FRAMESRC_HASH_RX 8 +#define HASH_URL_FRAMESRC_HASH_PM 9 -#define ENCRYPTION_KEYONLY 0 -#define ENCRYPTION_SESSIONID 1 -#define ENCRYPTION_REMOTEIP 2 +#define HASH_KEYONLY 0 +#define HASH_SESSIONID 1 +#define HASH_REMOTEIP 2 #define MODSEC_CACHE_DISABLED 0 #define MODSEC_CACHE_ENABLED 1 @@ -571,13 +571,13 @@ struct directory_config { /* Collection timeout */ int col_timeout; - /* Encryption */ - apr_array_header_t *encryption_method; + /* Hash */ + apr_array_header_t *hash_method; const char *crypto_key; int crypto_key_len; const char *crypto_param_name; - int encryption_is_enabled; - int encryption_enforcement; + int hash_is_enabled; + int hash_enforcement; int crypto_key_add; int crypto_hash_href_rx; int crypto_hash_faction_rx; diff --git a/apache2/msc_crypt.c b/apache2/msc_crypt.c index 78185863..b0f1863c 100644 --- a/apache2/msc_crypt.c +++ b/apache2/msc_crypt.c @@ -304,18 +304,18 @@ int init_response_body_html_parser(modsec_rec *msr) { } /** - * \brief Execute all encryption methods + * \brief Execute all hash methods * * \param msr ModSecurity transaction resource * \param link The html attr value to be checked - * \param type The encryption method type + * \param type The hash method type * * \retval 1 Match * \retval 0 No Match * \retval -1 on fail */ -int do_encryption_method(modsec_rec *msr, char *link, int type) { - encryption_method **em = NULL; +int do_hash_method(modsec_rec *msr, char *link, int type) { + hash_method **em = NULL; int i = 0; char *error_msg = NULL; char *my_error_msg = NULL; @@ -324,18 +324,18 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) { if(msr == NULL) return -1; - em = (encryption_method **)msr->txcfg->encryption_method->elts; + em = (hash_method **)msr->txcfg->hash_method->elts; - if(msr->txcfg->encryption_method->nelts == 0) + if(msr->txcfg->hash_method->nelts == 0) return 1; - for (i = 0; i < msr->txcfg->encryption_method->nelts; i++) { + for (i = 0; i < msr->txcfg->hash_method->nelts; i++) { if(em[i] != NULL && em[i]->param_data != NULL){ switch(type) { - case ENCRYPTION_URL_HREF_HASH_PM: - if(em[i]->type == ENCRYPTION_URL_HREF_HASH_PM) { + case HASH_URL_HREF_HASH_PM: + if(em[i]->type == HASH_URL_HREF_HASH_PM) { const char *match = NULL; apr_status_t rc = 0; ACMPT pt; @@ -352,8 +352,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) { } } break; - case ENCRYPTION_URL_HREF_HASH_RX: - if(em[i]->type == ENCRYPTION_URL_HREF_HASH_RX) { + case HASH_URL_HREF_HASH_RX: + if(em[i]->type == HASH_URL_HREF_HASH_RX) { rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg); if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) { msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); @@ -389,8 +389,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) { } } break; - case ENCRYPTION_URL_FACTION_HASH_PM: - if(em[i]->type == ENCRYPTION_URL_FACTION_HASH_PM) { + case HASH_URL_FACTION_HASH_PM: + if(em[i]->type == HASH_URL_FACTION_HASH_PM) { const char *match = NULL; apr_status_t rc = 0; ACMPT pt; @@ -407,8 +407,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) { } } break; - case ENCRYPTION_URL_FACTION_HASH_RX: - if(em[i]->type == ENCRYPTION_URL_FACTION_HASH_RX) { + case HASH_URL_FACTION_HASH_RX: + if(em[i]->type == HASH_URL_FACTION_HASH_RX) { rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg); if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) { msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); @@ -444,8 +444,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) { } } break; - case ENCRYPTION_URL_LOCATION_HASH_PM: - if(em[i]->type == ENCRYPTION_URL_LOCATION_HASH_PM) { + case HASH_URL_LOCATION_HASH_PM: + if(em[i]->type == HASH_URL_LOCATION_HASH_PM) { const char *match = NULL; apr_status_t rc = 0; ACMPT pt; @@ -462,8 +462,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) { } } break; - case ENCRYPTION_URL_LOCATION_HASH_RX: - if(em[i]->type == ENCRYPTION_URL_LOCATION_HASH_RX) { + case HASH_URL_LOCATION_HASH_RX: + if(em[i]->type == HASH_URL_LOCATION_HASH_RX) { rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg); if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) { msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); @@ -499,8 +499,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) { } } break; - case ENCRYPTION_URL_IFRAMESRC_HASH_PM: - if(em[i]->type == ENCRYPTION_URL_IFRAMESRC_HASH_PM) { + case HASH_URL_IFRAMESRC_HASH_PM: + if(em[i]->type == HASH_URL_IFRAMESRC_HASH_PM) { const char *match = NULL; apr_status_t rc = 0; ACMPT pt; @@ -517,8 +517,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) { } } break; - case ENCRYPTION_URL_IFRAMESRC_HASH_RX: - if(em[i]->type == ENCRYPTION_URL_IFRAMESRC_HASH_RX) { + case HASH_URL_IFRAMESRC_HASH_RX: + if(em[i]->type == HASH_URL_IFRAMESRC_HASH_RX) { rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg); if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) { msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); @@ -554,8 +554,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) { } } break; - case ENCRYPTION_URL_FRAMESRC_HASH_PM: - if(em[i]->type == ENCRYPTION_URL_FRAMESRC_HASH_PM) { + case HASH_URL_FRAMESRC_HASH_PM: + if(em[i]->type == HASH_URL_FRAMESRC_HASH_PM) { const char *match = NULL; apr_status_t rc = 0; ACMPT pt; @@ -572,8 +572,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) { } } break; - case ENCRYPTION_URL_FRAMESRC_HASH_RX: - if(em[i]->type == ENCRYPTION_URL_FRAMESRC_HASH_RX) { + case HASH_URL_FRAMESRC_HASH_RX: + if(em[i]->type == HASH_URL_FRAMESRC_HASH_RX) { rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg); if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) { msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); @@ -679,7 +679,7 @@ int encrypt_response_body_links(modsec_rec *msr) { if(content_href != NULL && strstr(content_href,msr->txcfg->crypto_param_name) == NULL) { if(msr->txcfg->crypto_hash_href_rx == 1) { - rc = do_encryption_method(msr, (char *)content_href, ENCRYPTION_URL_HREF_HASH_RX); + rc = do_hash_method(msr, (char *)content_href, HASH_URL_HREF_HASH_RX); if(rc > 0) { mac_link = NULL; mac_link = do_hash_link(msr, (char *)content_href, FULL_LINK); @@ -695,7 +695,7 @@ int encrypt_response_body_links(modsec_rec *msr) { } } if(msr->txcfg->crypto_hash_href_pm == 1) { - rc = do_encryption_method(msr, (char *)content_href, ENCRYPTION_URL_HREF_HASH_PM); + rc = do_hash_method(msr, (char *)content_href, HASH_URL_HREF_HASH_PM); if(rc > 0) { mac_link = NULL; mac_link = do_hash_link(msr, (char *)content_href, FULL_LINK); @@ -750,7 +750,7 @@ int encrypt_response_body_links(modsec_rec *msr) { if(content_action != NULL && content_option == NULL && strstr(content_action,msr->txcfg->crypto_param_name) == NULL) { if(msr->txcfg->crypto_hash_faction_rx == 1) { - rc = do_encryption_method(msr, (char *)content_action, ENCRYPTION_URL_FACTION_HASH_RX); + rc = do_hash_method(msr, (char *)content_action, HASH_URL_FACTION_HASH_RX); if(rc > 0) { mac_link = NULL; mac_link = do_hash_link(msr, (char *)content_action, FULL_LINK); @@ -766,7 +766,7 @@ int encrypt_response_body_links(modsec_rec *msr) { } } if(msr->txcfg->crypto_hash_faction_pm == 1) { - rc = do_encryption_method(msr, (char *)content_action, ENCRYPTION_URL_FACTION_HASH_PM); + rc = do_hash_method(msr, (char *)content_action, HASH_URL_FACTION_HASH_PM); if(rc > 0) { mac_link = NULL; mac_link = do_hash_link(msr, (char *)content_action, FULL_LINK); @@ -820,7 +820,7 @@ int encrypt_response_body_links(modsec_rec *msr) { if(content_src != NULL && strstr(content_src,msr->txcfg->crypto_param_name) == NULL) { if(msr->txcfg->crypto_hash_iframesrc_rx == 1) { - rc = do_encryption_method(msr, (char *)content_src, ENCRYPTION_URL_IFRAMESRC_HASH_RX); + rc = do_hash_method(msr, (char *)content_src, HASH_URL_IFRAMESRC_HASH_RX); if(rc > 0) { mac_link = NULL; mac_link = do_hash_link(msr, (char *)content_src, FULL_LINK); @@ -836,7 +836,7 @@ int encrypt_response_body_links(modsec_rec *msr) { } } if(msr->txcfg->crypto_hash_iframesrc_pm == 1) { - rc = do_encryption_method(msr, (char *)content_src, ENCRYPTION_URL_IFRAMESRC_HASH_PM); + rc = do_hash_method(msr, (char *)content_src, HASH_URL_IFRAMESRC_HASH_PM); if(rc > 0) { mac_link = NULL; mac_link = do_hash_link(msr, (char *)content_src, FULL_LINK); @@ -885,7 +885,7 @@ int encrypt_response_body_links(modsec_rec *msr) { if(content_src != NULL && strstr(content_src,msr->txcfg->crypto_param_name) == NULL) { if(msr->txcfg->crypto_hash_framesrc_rx == 1) { - rc = do_encryption_method(msr, (char *)content_src, ENCRYPTION_URL_FRAMESRC_HASH_RX); + rc = do_hash_method(msr, (char *)content_src, HASH_URL_FRAMESRC_HASH_RX); if(rc > 0) { mac_link = NULL; mac_link = do_hash_link(msr, (char *)content_src, FULL_LINK); @@ -901,7 +901,7 @@ int encrypt_response_body_links(modsec_rec *msr) { } } if(msr->txcfg->crypto_hash_framesrc_pm == 1) { - rc = do_encryption_method(msr, (char *)content_src, ENCRYPTION_URL_FRAMESRC_HASH_PM); + rc = do_hash_method(msr, (char *)content_src, HASH_URL_FRAMESRC_HASH_PM); if(rc > 0) { mac_link = NULL; mac_link = do_hash_link(msr, (char *)content_src, FULL_LINK); @@ -1192,7 +1192,7 @@ int inject_encrypted_response_body(modsec_rec *msr, int elts) { * * \param msr ModSecurity transaction resource * \param link The html attr value to be checked - * \param type The encryption method type + * \param type The hash method type * * \retval mac_link MACed link * \retval NULL on fail @@ -1211,10 +1211,10 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) { if (msr->txcfg->debuglog_level >= 4) msr_log(msr, 4, "Signing data [%s]", path_chunk+1); - if(msr->txcfg->crypto_key_add == ENCRYPTION_KEYONLY) + if(msr->txcfg->crypto_key_add == HASH_KEYONLY) hash_value = hmac(msr, msr->txcfg->crypto_key, msr->txcfg->crypto_key_len, (unsigned char *) path_chunk+1, strlen((char*)path_chunk)-1); - if(msr->txcfg->crypto_key_add == ENCRYPTION_SESSIONID) { + if(msr->txcfg->crypto_key_add == HASH_SESSIONID) { if(strlen(msr->sessionid) == 0) { #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2 const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip); @@ -1234,7 +1234,7 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) { } } - if(msr->txcfg->crypto_key_add == ENCRYPTION_REMOTEIP) { + if(msr->txcfg->crypto_key_add == HASH_REMOTEIP) { #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2 const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip); #else @@ -1253,10 +1253,10 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) { if (msr->txcfg->debuglog_level >= 4) msr_log(msr, 4, "Signing data [%s]", path_chunk+1); - if(msr->txcfg->crypto_key_add == ENCRYPTION_KEYONLY) + if(msr->txcfg->crypto_key_add == HASH_KEYONLY) hash_value = hmac(msr, msr->txcfg->crypto_key, msr->txcfg->crypto_key_len, (unsigned char *) path_chunk+1, strlen((char*)path_chunk)-1); - if(msr->txcfg->crypto_key_add == ENCRYPTION_SESSIONID) { + if(msr->txcfg->crypto_key_add == HASH_SESSIONID) { if(strlen(msr->sessionid) == 0) { #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2 const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip); @@ -1276,7 +1276,7 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) { } } - if(msr->txcfg->crypto_key_add == ENCRYPTION_REMOTEIP) { + if(msr->txcfg->crypto_key_add == HASH_REMOTEIP) { #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2 const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip); #else @@ -1293,10 +1293,10 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) { if (msr->txcfg->debuglog_level >= 4) msr_log(msr, 4, "Signing data [%s]", link+1); - if(msr->txcfg->crypto_key_add == ENCRYPTION_KEYONLY) + if(msr->txcfg->crypto_key_add == HASH_KEYONLY) hash_value = hmac(msr, msr->txcfg->crypto_key, msr->txcfg->crypto_key_len, (unsigned char *) link+1, strlen((char*)link)-1); - if(msr->txcfg->crypto_key_add == ENCRYPTION_SESSIONID) { + if(msr->txcfg->crypto_key_add == HASH_SESSIONID) { if(strlen(msr->sessionid) == 0) { #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2 const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip); @@ -1316,7 +1316,7 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) { } } - if(msr->txcfg->crypto_key_add == ENCRYPTION_REMOTEIP) { + if(msr->txcfg->crypto_key_add == HASH_REMOTEIP) { #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2 const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip); #else @@ -1346,10 +1346,10 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) { if (msr->txcfg->debuglog_level >= 4) msr_log(msr, 4, "Signing data [%s] size %d", relative_link, strlen(relative_link)); - if(msr->txcfg->crypto_key_add == ENCRYPTION_KEYONLY) + if(msr->txcfg->crypto_key_add == HASH_KEYONLY) hash_value = hmac(msr, msr->txcfg->crypto_key, msr->txcfg->crypto_key_len, (unsigned char *) relative_link, strlen((char*)relative_link)); - if(msr->txcfg->crypto_key_add == ENCRYPTION_SESSIONID) { + if(msr->txcfg->crypto_key_add == HASH_SESSIONID) { if(strlen(msr->sessionid) == 0) { #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2 const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip); @@ -1369,7 +1369,7 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) { } } - if(msr->txcfg->crypto_key_add == ENCRYPTION_REMOTEIP) { + if(msr->txcfg->crypto_key_add == HASH_REMOTEIP) { #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2 const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip); #else @@ -1430,7 +1430,7 @@ int modify_response_header(modsec_rec *msr) { msr_log(msr, 4, "Processing reponse header location [%s]", location); if(msr->txcfg->crypto_hash_location_rx == 1) { - rc = do_encryption_method(msr, (char *)location, ENCRYPTION_URL_LOCATION_HASH_RX); + rc = do_hash_method(msr, (char *)location, HASH_URL_LOCATION_HASH_RX); if(rc > 0) { mac_link = NULL; @@ -1440,7 +1440,7 @@ int modify_response_header(modsec_rec *msr) { } } else if(msr->txcfg->crypto_hash_location_pm == 1) { - rc = do_encryption_method(msr, (char *)location, ENCRYPTION_URL_LOCATION_HASH_PM); + rc = do_hash_method(msr, (char *)location, HASH_URL_LOCATION_HASH_PM); if(rc > 0) { mac_link = NULL; diff --git a/apache2/re_actions.c b/apache2/re_actions.c index 32475d55..ca6d5905 100644 --- a/apache2/re_actions.c +++ b/apache2/re_actions.c @@ -921,15 +921,15 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action) } return NULL; } else - if (strcasecmp(name, "EncryptionEnforcement") == 0) { + if (strcasecmp(name, "HashEnforcement") == 0) { if (strcasecmp(value, "on") == 0) return NULL; if (strcasecmp(value, "off") == 0) return NULL; - return apr_psprintf(engine->mp, "Invalid setting for ctl name EncryptionEnforcement: %s", value); + return apr_psprintf(engine->mp, "Invalid setting for ctl name HashEnforcement: %s", value); } else - if (strcasecmp(name, "EncryptionEngine") == 0) { + if (strcasecmp(name, "HashEngine") == 0) { if (strcasecmp(value, "on") == 0) return NULL; if (strcasecmp(value, "off") == 0) return NULL; - return apr_psprintf(engine->mp, "Invalid setting for ctl name EncryptionEngine: %s", value); + return apr_psprintf(engine->mp, "Invalid setting for ctl name HashEngine: %s", value); } else { return apr_psprintf(engine->mp, "Invalid ctl name setting: %s", name); } @@ -979,31 +979,31 @@ static apr_status_t msre_action_ctl_execute(modsec_rec *msr, apr_pool_t *mptmp, return 1; } else - if (strcasecmp(name, "EncryptionEnforcement") == 0) { + if (strcasecmp(name, "HashEnforcement") == 0) { if (strcasecmp(value, "on") == 0) { - msr->txcfg->encryption_enforcement = ENCRYPTION_ENABLED; - msr->usercfg->encryption_enforcement = ENCRYPTION_ENABLED; + msr->txcfg->hash_enforcement = HASH_ENABLED; + msr->usercfg->hash_enforcement = HASH_ENABLED; } if (strcasecmp(value, "off") == 0) { - msr->txcfg->encryption_enforcement = ENCRYPTION_DISABLED; - msr->usercfg->encryption_enforcement = ENCRYPTION_DISABLED; + msr->txcfg->hash_enforcement = HASH_DISABLED; + msr->usercfg->hash_enforcement = HASH_DISABLED; } if (msr->txcfg->debuglog_level >= 4) { - msr_log(msr, 4, "Ctl: Set EncryptionEnforcement to %s.", value); + msr_log(msr, 4, "Ctl: Set HashEnforcement to %s.", value); } return 1; } else - if (strcasecmp(name, "EncryptionEngine") == 0) { + if (strcasecmp(name, "HashEngine") == 0) { if (strcasecmp(value, "on") == 0) { - msr->txcfg->encryption_is_enabled = ENCRYPTION_ENABLED; - msr->usercfg->encryption_is_enabled = ENCRYPTION_ENABLED; + msr->txcfg->hash_is_enabled = HASH_ENABLED; + msr->usercfg->hash_is_enabled = HASH_ENABLED; } if (strcasecmp(value, "off") == 0) { - msr->txcfg->encryption_is_enabled = ENCRYPTION_DISABLED; - msr->usercfg->encryption_is_enabled = ENCRYPTION_DISABLED; + msr->txcfg->hash_is_enabled = HASH_DISABLED; + msr->usercfg->hash_is_enabled = HASH_DISABLED; } if (msr->txcfg->debuglog_level >= 4) { - msr_log(msr, 4, "Ctl: Set EncryptionEngine to %s.", value); + msr_log(msr, 4, "Ctl: Set HashEngine to %s.", value); } return 1; } else diff --git a/apache2/re_operators.c b/apache2/re_operators.c index eaea360a..e6179135 100644 --- a/apache2/re_operators.c +++ b/apache2/re_operators.c @@ -721,7 +721,7 @@ nextround: #endif /* MSC_TEST */ /** - * \brief Init function to validateEncryption + * \brief Init function to validateHash * * \param rule ModSecurity rule struct * \param error_msg Error message @@ -729,7 +729,7 @@ nextround: * \retval 1 On success * \retval 0 On fail */ -static int msre_op_validateEncryption_param_init(msre_rule *rule, char **error_msg) { +static int msre_op_validateHash_param_init(msre_rule *rule, char **error_msg) { const char *errptr = NULL; int erroffset; msc_regex_t *regex; @@ -778,7 +778,7 @@ static int msre_op_validateEncryption_param_init(msre_rule *rule, char **error_m } /** - * \brief Execute function to validateEncryption + * \brief Execute function to validateHash * * \param msr ModSecurity transaction resource * \param rule ModSecurity rule struct @@ -788,7 +788,7 @@ static int msre_op_validateEncryption_param_init(msre_rule *rule, char **error_m * \retval 1 On success * \retval 0 On fail */ -static int msre_op_validateEncryption_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) { +static int msre_op_validateHash_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) { msc_regex_t *regex = (msc_regex_t *)rule->op_param_data; msc_string *re_pattern = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); const char *target; @@ -809,7 +809,7 @@ static int msre_op_validateEncryption_execute(modsec_rec *msr, msre_rule *rule, if (error_msg == NULL) return -1; *error_msg = NULL; - if (msr->txcfg->encryption_enforcement == ENCRYPTION_DISABLED || msr->txcfg->encryption_is_enabled == ENCRYPTION_DISABLED) + if (msr->txcfg->hash_enforcement == HASH_DISABLED || msr->txcfg->hash_is_enabled == HASH_DISABLED) return 0; if (regex == NULL) { @@ -926,13 +926,13 @@ static int msre_op_validateEncryption_execute(modsec_rec *msr, msre_rule *rule, if(valid == NULL) { if (msr->txcfg->debuglog_level >= 9) - msr_log(msr, 9, "Request URI without encryption parameter [%s]", target); + msr_log(msr, 9, "Request URI without hash parameter [%s]", target); if (strlen(pattern) > 252) { - *error_msg = apr_psprintf(msr->mp, "Request URI matched \"%.252s ...\" at %s. No Encryption parameter", + *error_msg = apr_psprintf(msr->mp, "Request URI matched \"%.252s ...\" at %s. No Hash parameter", pattern, var->name); } else { - *error_msg = apr_psprintf(msr->mp, "Request URI matched \"%s\" at %s. No Encryption parameter", + *error_msg = apr_psprintf(msr->mp, "Request URI matched \"%s\" at %s. No Hash parameter", pattern, var->name); } return 1; @@ -952,10 +952,10 @@ static int msre_op_validateEncryption_execute(modsec_rec *msr, msre_rule *rule, if(strcmp(hmac, hash_link) != 0) { if (strlen(pattern) > 252) { - *error_msg = apr_psprintf(msr->mp, "Request URI matched \"%.252s ...\" at %s. Encryption parameter hash value = [%s] Requested URI hash value = [%s]", + *error_msg = apr_psprintf(msr->mp, "Request URI matched \"%.252s ...\" at %s. Hash parameter hash value = [%s] Requested URI hash value = [%s]", pattern, var->name, hmac, hash_link); } else { - *error_msg = apr_psprintf(msr->mp, "Request URI matched \"%s\" at %s. Encryption parameter hash value = [%s] Requested URI hash value = [%s]", + *error_msg = apr_psprintf(msr->mp, "Request URI matched \"%s\" at %s. Hash parameter hash value = [%s] Requested URI hash value = [%s]", pattern, var->name, hmac, hash_link); } return 1; @@ -4434,9 +4434,9 @@ void msre_engine_register_default_operators(msre_engine *engine) { /* validateEncyption */ msre_engine_op_register(engine, - "validateEncryption", - msre_op_validateEncryption_param_init, - msre_op_validateEncryption_execute + "validateHash", + msre_op_validateHash_param_init, + msre_op_validateHash_execute ); /* pm */