httpd-cvs mailing list archives

From do...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl mod_ssl.h ssl_engine_config.c ssl_engine_init.c ssl_engine_pphrase.c
Date Thu, 28 Feb 2002 00:23:32 GMT
dougm       02/02/27 16:23:32

  Modified:    modules/ssl mod_ssl.h ssl_engine_config.c ssl_engine_init.c
                        ssl_engine_pphrase.c
  Log:
  switch SSLModConfigRec.tPrivateKey to ssl_asn1_table api to prevent
  leakage on restarts.
  
  Revision  Changes    Path
  1.62      +1 -1      httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.61
  retrieving revision 1.62
  diff -u -r1.61 -r1.62
  --- mod_ssl.h	28 Feb 2002 00:10:52 -0000	1.61
  +++ mod_ssl.h	28 Feb 2002 00:23:32 -0000	1.62
  @@ -519,7 +519,7 @@
       apr_hash_t     *tTmpKeys;
       void           *pTmpKeys[SSL_TKPIDX_MAX];
       ssl_ds_table   *tPublicCert;
  -    ssl_ds_table   *tPrivateKey;
  +    apr_hash_t     *tPrivateKey;
   #ifdef SSL_EXPERIMENTAL_ENGINE
       char           *szCryptoDevice;
   #endif
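Review bot: `tPrivateKey` is now a bare `apr_hash_t *` with no comment, so the declaration no longer says what the table holds or that it is meant to be accessed through the `ssl_asn1_table_*` helpers used elsewhere in this commit. Because the entries are serialized private keys, a direct `apr_hash_set()` on this field would bypass whatever allocation and ownership rules those helpers apply. I would add a trailing comment such as `/* "<vhost-id>:RSA|DSA" -> ssl_asn1_t; access via ssl_asn1_table_get/set only */`. The struct definition starts and ends outside this hunk.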
  
  
  
  1.24      +1 -1      httpd-2.0/modules/ssl/ssl_engine_config.c
  
  Index: ssl_engine_config.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v
  retrieving revision 1.23
  retrieving revision 1.24
  diff -u -r1.23 -r1.24
  --- ssl_engine_config.c	28 Feb 2002 00:01:57 -0000	1.23
  +++ ssl_engine_config.c	28 Feb 2002 00:23:32 -0000	1.24
  @@ -101,7 +101,7 @@
           mc->szMutexFile            = NULL;
           mc->pMutex                 = NULL;
           mc->aRandSeed              = apr_array_make(pPool, 4, sizeof(ssl_randseed_t));
  -        mc->tPrivateKey            = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
  +        mc->tPrivateKey            = apr_hash_make(pPool);
           mc->tPublicCert            = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
           mc->tTmpKeys               = apr_hash_make(pPool);
   #ifdef SSL_EXPERIMENTAL_ENGINE
  
  
  
  1.30      +2 -2      httpd-2.0/modules/ssl/ssl_engine_init.c
  
  Index: ssl_engine_init.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
  retrieving revision 1.29
  retrieving revision 1.30
  diff -u -r1.29 -r1.30
  --- ssl_engine_init.c	28 Feb 2002 00:10:52 -0000	1.29
  +++ ssl_engine_init.c	28 Feb 2002 00:23:32 -0000	1.30
  @@ -682,7 +682,7 @@
        */
       ok = FALSE;
       cp = apr_psprintf(p, "%s:RSA", cpVHostID);
  -    if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPrivateKey, cp)) != NULL) {
  +    if ((asn1 = ssl_asn1_table_get(mc->tPrivateKey, cp)) != NULL) {
           ssl_log(s, SSL_LOG_TRACE,
                   "Init: (%s) Configuring RSA server private key", cpVHostID);
           ucp = asn1->cpData;
  @@ -702,7 +702,7 @@
           ok = TRUE;
       }
       cp = apr_psprintf(p, "%s:DSA", cpVHostID);
  -    if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPrivateKey, cp)) != NULL) {
  +    if ((asn1 = ssl_asn1_table_get(mc->tPrivateKey, cp)) != NULL) {
           ssl_log(s, SSL_LOG_TRACE,
                   "Init: (%s) Configuring DSA server private key", cpVHostID);
           ucp = asn1->cpData;
  
  
  
  1.16      +11 -7     httpd-2.0/modules/ssl/ssl_engine_pphrase.c
  
  Index: ssl_engine_pphrase.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_pphrase.c,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- ssl_engine_pphrase.c	27 Feb 2002 19:54:07 -0000	1.15
  +++ ssl_engine_pphrase.c	28 Feb 2002 00:23:32 -0000	1.16
  @@ -114,6 +114,7 @@
       EVP_PKEY *pPrivateKey;
       ssl_asn1_t *asn1;
       unsigned char *ucp;
  +    long int length;
       X509 *pX509Cert;
       BOOL bReadable;
       ssl_ds_array *aPassPhrase;
  @@ -278,7 +279,7 @@
                       !(isterm = isatty(fileno(stdout)))) /* XXX: apr_isatty() */
                   {
                       char *key_id = apr_psprintf(p, "%s:%s", cpVHostID, "RSA"); /* XXX:
check for DSA key too? */
  -                    ssl_asn1_t *asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPrivateKey,
key_id);
  +                    ssl_asn1_t *asn1 = ssl_asn1_table_get(mc->tPrivateKey, key_id);
                       
                       if (asn1 && (asn1->source_mtime == pkey_mtime)) {
                           ssl_log(pServ, SSL_LOG_INFO,
  @@ -427,12 +428,15 @@
                * RSA structure which do not survive DSO reloads!)
                */
               cp = apr_psprintf(mc->pPool, "%s:%s", cpVHostID, an);
  -            asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tPrivateKey, cp);
  -            asn1->nData  = i2d_PrivateKey(pPrivateKey, NULL);
  -            asn1->cpData = apr_palloc(mc->pPool, asn1->nData);
  -            ucp = asn1->cpData; i2d_PrivateKey(pPrivateKey, &ucp); /* 2nd arg increments
*/
  -
  -            asn1->source_mtime = pkey_mtime;
  +            length = i2d_PrivateKey(pPrivateKey, NULL);
  +            ucp = ssl_asn1_table_set(mc->tPrivateKey, cp, length);
  +            (void)i2d_PrivateKey(pPrivateKey, &ucp); /* 2nd arg increments */
  +
  +            if (nPassPhraseDialogCur != 0) {
  +                /* remember mtime of encrypted keys */
  +                asn1 = ssl_asn1_table_get(mc->tPrivateKey, cp);
  +                asn1->source_mtime = pkey_mtime;
  +            }
   
               /*
                * Free the private key structure
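Review bot: The sizing call `length = i2d_PrivateKey(pPrivateKey, NULL)` feeds `ssl_asn1_table_set()` directly and the returned buffer is written to without a check, so a failed encoding (i2d returns a non-positive value on error) or a NULL buffer would go unnoticed while private-key material is being stored. A guard such as `if (length <= 0) { /* log and abort key setup */ }` before the set call, plus a NULL check on `ucp`, would close that; the `(void)` cast on the second call also discards a result that should equal `length`. Separately, `source_mtime` is now written only when `nPassPhraseDialogCur != 0`, so if `ssl_asn1_table_set()` reuses an existing entry (its body is not in this diff) a key that was encrypted on an earlier pass could keep a stale mtime; resetting it to 0 in an `else` branch would make the intent explicit. The enclosing function starts and ends outside this hunk.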
  
  
  
