httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jwool...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl mod_ssl.h ssl_engine_dh.c ssl_engine_init.c ssl_engine_kernel.c ssl_engine_rand.c ssl_scache_dbm.c ssl_scache_shmcb.c ssl_scache_shmht.c
Date Mon, 25 Feb 2002 04:23:04 GMT
jwoolley    02/02/24 20:23:04

  Modified:    .        CHANGES
               modules/ssl mod_ssl.h ssl_engine_dh.c ssl_engine_init.c
                        ssl_engine_kernel.c ssl_engine_rand.c
                        ssl_scache_dbm.c ssl_scache_shmcb.c
                        ssl_scache_shmht.c
  Log:
  Forward port of changes in mod_ssl for Apache 1.3 up through mod_ssl
  version 2.8.7-1.3.23.
  
  Revision  Changes    Path
  1.607     +4 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.606
  retrieving revision 1.607
  diff -u -d -u -r1.606 -r1.607
  --- CHANGES	23 Feb 2002 20:56:35 -0000	1.606
  +++ CHANGES	25 Feb 2002 04:23:03 -0000	1.607
  @@ -1,4 +1,8 @@
   Changes with Apache 2.0.33-dev
  +
  +  *) Merged in changes to mod_ssl up through 2.8.7-1.3.23.
  +     [Ralf S. Engelschall, Cliff Woolley]
  +
     *) mod-include: make it handle flush'es and fix the 'false-alarm'
        [Justin Everkrantz, Brian Pane, Ian Holsman]
   
  
  
  
  1.56      +5 -0      httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.55
  retrieving revision 1.56
  diff -u -d -u -r1.55 -r1.56
  --- mod_ssl.h	18 Jan 2002 23:26:46 -0000	1.55
  +++ mod_ssl.h	25 Feb 2002 04:23:03 -0000	1.56
  @@ -513,6 +513,7 @@
       char           *szMutexFile;
       apr_lock_t     *pMutex;
       apr_array_header_t   *aRandSeed;
  +    int             nScoreboardSize; /* used for builtin random seed */
       ssl_ds_table   *tTmpKeys;
       void           *pTmpKeys[SSL_TKPIDX_MAX];
       ssl_ds_table   *tPublicCert;
  @@ -675,7 +676,11 @@
   int          ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
   SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
   void         ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
  +#if SSL_LIBRARY_VERSION >= 0x00907000
  +void         ssl_callback_LogTracingState(const SSL *, int, int);
  +#else
   void         ssl_callback_LogTracingState(SSL *, int, int);
  +#endif
   
   /*  Session Cache Support  */
   void         ssl_scache_init(server_rec *, apr_pool_t *);
  
  
  
  1.6       +2 -2      httpd-2.0/modules/ssl/ssl_engine_dh.c
  
  Index: ssl_engine_dh.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_dh.c,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -d -u -r1.5 -r1.6
  --- ssl_engine_dh.c	7 Aug 2001 16:19:03 -0000	1.5
  +++ ssl_engine_dh.c	25 Feb 2002 04:23:03 -0000	1.6
  @@ -225,10 +225,10 @@
   
   #   generate C source from DH params
   my $dhsource = '';
  -open(FP, "openssl dh -noout -C -in dh512.pem | indent | expand -8 |") || die;
  +open(FP, "openssl dh -noout -C -in dh512.pem | indent | expand |") || die;
   $dhsource .= $_ while (<FP>);
   close(FP);
  -open(FP, "openssl dh -noout -C -in dh1024.pem | indent | expand -8 |") || die;
  +open(FP, "openssl dh -noout -C -in dh1024.pem | indent | expand |") || die;
   $dhsource .= $_ while (<FP>);
   close(FP);
   $dhsource =~ s|(DH\s+\*get_dh)|static $1|sg;
  
  
  
  1.26      +6 -1      httpd-2.0/modules/ssl/ssl_engine_init.c
  
  Index: ssl_engine_init.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -d -u -r1.25 -r1.26
  --- ssl_engine_init.c	16 Feb 2002 18:35:21 -0000	1.25
  +++ ssl_engine_init.c	25 Feb 2002 04:23:03 -0000	1.26
  @@ -221,7 +221,11 @@
   
       /*
        * Seed the Pseudo Random Number Generator (PRNG)
  +     *
  +     * Note: scoreboard size must be fetched at init time because
  +     * ap_calc_scoreboard_size() is not threadsafe
        */
  +    mc->nScoreboardSize = ap_calc_scoreboard_size();
       ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
   
       /*
  @@ -713,7 +717,8 @@
               }
               if (SSL_X509_getCN(p, sc->pPublicCert[i], &cp)) {
                   if (apr_is_fnmatch(cp) &&
  -                    !apr_fnmatch(cp, s->server_hostname, FNM_PERIOD|FNM_CASE_BLIND))
{
  +                    apr_fnmatch(cp, s->server_hostname,
  +                                FNM_PERIOD|FNM_CASE_BLIND) == FNM_NOMATCH) {
                       ssl_log(s, SSL_LOG_WARN,
                           "Init: (%s) %s server certificate wildcard CommonName (CN) `%s'
"
                           "does NOT match server name!?", cpVHostID, 
  
  
  
  1.42      +5 -1      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.41
  retrieving revision 1.42
  diff -u -d -u -r1.41 -r1.42
  --- ssl_engine_kernel.c	3 Feb 2002 01:50:58 -0000	1.41
  +++ ssl_engine_kernel.c	25 Feb 2002 04:23:03 -0000	1.42
  @@ -1587,7 +1587,11 @@
    * SSL handshake and does SSL record layer stuff. We use it to
    * trace OpenSSL's processing in out SSL logfile.
    */
  +#if SSL_LIBRARY_VERSION >= 0x00907000
  +void ssl_callback_LogTracingState(const SSL *ssl, int where, int rc)
  +#else
   void ssl_callback_LogTracingState(SSL *ssl, int where, int rc)
  +#endif
   {
       conn_rec *c;
       server_rec *s;
  @@ -1597,7 +1601,7 @@
       /*
        * find corresponding server
        */
  -    if ((c = (conn_rec *)SSL_get_app_data(ssl)) == NULL)
  +    if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL)
           return;
       s = c->base_server;
       if ((sc = mySrvConfig(s)) == NULL)
  
  
  
  1.12      +13 -9     httpd-2.0/modules/ssl/ssl_engine_rand.c
  
  Index: ssl_engine_rand.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_rand.c,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -d -u -r1.11 -r1.12
  --- ssl_engine_rand.c	10 Jan 2002 00:28:00 -0000	1.11
  +++ ssl_engine_rand.c	25 Feb 2002 04:23:03 -0000	1.12
  @@ -81,6 +81,7 @@
       int nReq, nDone;
       apr_file_t *fp;
       int i, n, l;
  +    int m;
   
       mc = myModConfig(s);
       nReq  = 0;
  @@ -154,18 +155,21 @@
                   RAND_seed(stackdata+n, 128);
                   nDone += 128;
   
  -#if XXX_SBENTROPY_SOLVED
                   /*
  -                 * XXX: This is entirely borked, sizeof(scoreboard) < 1024
  +                 * seed in data extracted from the current scoreboard
                    *
  -                 * seed in an 1KB extract of the current scoreboard
  +                 * XXX: this assumes that the entire scoreboard is
  +                 * allocated in one big block of memory that begins at
  +                 * the location pointed to by ap_scoreboard_image->global
                    */
  -                if (ap_scoreboard_image != NULL) {
  -                    n = ssl_rand_choosenum(0,ap_calc_scoreboard_size()-1024-1);
  -                    RAND_seed(((unsigned char *)ap_scoreboard_image)+n, 1024);
  -                    nDone += 1024;
  +                if (ap_scoreboard_image != NULL && mc->nScoreboardSize >
16)
  +                {
  +                    m = ((mc->nScoreboardSize / 2) - 1);
  +                    n = ssl_rand_choosenum(0, m);
  +                    RAND_seed(
  +                        ((unsigned char *)ap_scoreboard_image->global)+n, m);
  +                    nDone += m;
                   }
  -#endif
               }
           }
       }
  
  
  
  1.11      +3 -1      httpd-2.0/modules/ssl/ssl_scache_dbm.c
  
  Index: ssl_scache_dbm.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache_dbm.c,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -d -u -r1.10 -r1.11
  --- ssl_scache_dbm.c	7 Nov 2001 14:09:36 -0000	1.10
  +++ ssl_scache_dbm.c	25 Feb 2002 04:23:03 -0000	1.11
  @@ -142,8 +142,10 @@
       UCHAR *ucp;
   
       /* streamline session data */
  +    if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData))
  +        return FALSE;
       ucp = ucaData;
  -    nData = i2d_SSL_SESSION(sess, &ucp);
  +    i2d_SSL_SESSION(sess, &ucp);
   
       /* be careful: do not try to store too much bytes in a DBM file! */
   #ifdef PAIRMAX
  
  
  
  1.4       +15 -13    httpd-2.0/modules/ssl/ssl_scache_shmcb.c
  
  Index: ssl_scache_shmcb.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache_shmcb.c,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -d -u -r1.3 -r1.4
  --- ssl_scache_shmcb.c	5 May 2001 10:12:07 -0000	1.3
  +++ ssl_scache_shmcb.c	25 Feb 2002 04:23:03 -0000	1.4
  @@ -183,9 +183,9 @@
       unsigned int division_offset;
       unsigned int division_size;
       unsigned int queue_size;
  -    unsigned char index_num;
  -    unsigned char index_offset;
  -    unsigned char index_size;
  +    unsigned int index_num;
  +    unsigned int index_offset;
  +    unsigned int index_size;
       unsigned int cache_data_offset;
       unsigned int cache_data_size;
       unsigned long num_stores;
  @@ -208,10 +208,10 @@
       unsigned int queue_size;
       unsigned int cache_data_offset;
       unsigned int cache_data_size;
  +    unsigned int index_num;
  +    unsigned int index_offset;
  +    unsigned int index_size;
       unsigned char division_mask;
  -    unsigned char index_num;
  -    unsigned char index_offset;
  -    unsigned char index_size;
   #endif
   } SHMCBHeader;
   
  @@ -456,7 +456,7 @@
       return;
   }
   
  -BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR * id, int idlen,
  +BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR *id, int idlen,
                              time_t timeout, SSL_SESSION * pSession)
   {
       SSLModConfigRec *mc = myModConfig();
  @@ -478,7 +478,7 @@
       return to_return;
   }
   
  -SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *s, UCHAR * id, int idlen)
  +SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *s, UCHAR *id, int idlen)
   {
       SSLModConfigRec *mc = myModConfig();
       void *shm_segment;
  @@ -499,14 +499,16 @@
       return pSession;
   }
   
  -void ssl_scache_shmcb_remove(server_rec *s, UCHAR * id, int idlen)
  +void ssl_scache_shmcb_remove(server_rec *s, UCHAR *id, int idlen)
   {
       SSLModConfigRec *mc = myModConfig();
       void *shm_segment;
   
       /* We've kludged our pointer into the other cache's member variable. */
       shm_segment = (void *) mc->tSessionCacheDataTable;
  +    ssl_mutex_on(s);
       shmcb_remove_session(s, shm_segment, id, idlen);
  +    ssl_mutex_off(s);
   }
   
   void ssl_scache_shmcb_expire(server_rec *s)
  @@ -705,7 +707,7 @@
   }
   
   static BOOL shmcb_store_session(
  -    server_rec *s, void *shm_segment, UCHAR * id,
  +    server_rec *s, void *shm_segment, UCHAR *id,
       int idlen, SSL_SESSION * pSession,
       time_t timeout)
   {
  @@ -755,7 +757,7 @@
   
   static SSL_SESSION *shmcb_retrieve_session(
       server_rec *s, void *shm_segment,
  -    UCHAR * id, int idlen)
  +    UCHAR *id, int idlen)
   {
       SHMCBHeader *header;
       SHMCBQueue queue;
  @@ -795,7 +797,7 @@
   
   static BOOL shmcb_remove_session(
       server_rec *s, void *shm_segment,
  -    UCHAR * id, int idlen)
  +    UCHAR *id, int idlen)
   {
       SHMCBHeader *header;
       SHMCBQueue queue;
  @@ -992,7 +994,7 @@
       const SHMCBQueue *queue, unsigned int idx)
   {
       /* bounds check */
  -    if (idx > (unsigned int) queue->header->index_num)
  +    if (idx > queue->header->index_num)
           return NULL;
   
       /* Return a pointer to the index. NB: I am being horribly pendantic
  
  
  
  1.4       +3 -1      httpd-2.0/modules/ssl/ssl_scache_shmht.c
  
  Index: ssl_scache_shmht.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache_shmht.c,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -d -u -r1.3 -r1.4
  --- ssl_scache_shmht.c	5 May 2001 10:12:07 -0000	1.3
  +++ ssl_scache_shmht.c	25 Feb 2002 04:23:03 -0000	1.4
  @@ -175,8 +175,10 @@
       UCHAR *ucp;
   
       /* streamline session data */
  +    if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData))
  +        return FALSE;
       ucp = ucaData;
  -    nData = i2d_SSL_SESSION(sess, &ucp);
  +    i2d_SSL_SESSION(sess, &ucp);
   
       ssl_mutex_on(s);
       if (table_insert_kd(mc->tSessionCacheDataTable, 
  
  
  

Mime
View raw message