httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From do...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl mod_ssl.h ssl_engine_config.c ssl_engine_init.c
Date Tue, 12 Mar 2002 22:34:32 GMT
dougm       02/03/12 14:34:32

  Modified:    modules/ssl mod_ssl.h ssl_engine_config.c ssl_engine_init.c
  Log:
  it is not required that temporary keys survive restarts, since they
  are generated and destroyed on every restart.
  
  so get rid of SSLModConfigRec.tTmpKeys table and mess that was
  managing it.
  
  Revision  Changes    Path
  1.72      +0 -2      httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.71
  retrieving revision 1.72
  diff -u -r1.71 -r1.72
  --- mod_ssl.h	12 Mar 2002 22:11:51 -0000	1.71
  +++ mod_ssl.h	12 Mar 2002 22:34:31 -0000	1.72
  @@ -300,7 +300,6 @@
    */
   
   #define SSL_TKP_GEN        (0)
  -#define SSL_TKP_ALLOC      (1)
   #define SSL_TKP_FREE       (2)
   
   #define SSL_TKPIDX_RSA512  (0)
  @@ -517,7 +516,6 @@
       apr_lock_t     *pMutex;
       apr_array_header_t   *aRandSeed;
       apr_hash_t     *tVHostKeys;
  -    apr_hash_t     *tTmpKeys;
       void           *pTmpKeys[SSL_TKPIDX_MAX];
       apr_hash_t     *tPublicCert;
       apr_hash_t     *tPrivateKey;
  
  
  
  1.34      +0 -1      httpd-2.0/modules/ssl/ssl_engine_config.c
  
  Index: ssl_engine_config.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v
  retrieving revision 1.33
  retrieving revision 1.34
  diff -u -r1.33 -r1.34
  --- ssl_engine_config.c	12 Mar 2002 21:12:49 -0000	1.33
  +++ ssl_engine_config.c	12 Mar 2002 22:34:31 -0000	1.34
  @@ -107,7 +107,6 @@
       mc->tVHostKeys             = apr_hash_make(pool);
       mc->tPrivateKey            = apr_hash_make(pool);
       mc->tPublicCert            = apr_hash_make(pool);
  -    mc->tTmpKeys               = apr_hash_make(pool);
   #ifdef SSL_EXPERIMENTAL_ENGINE
       mc->szCryptoDevice         = NULL;
   #endif
  
  
  
  1.49      +21 -102   httpd-2.0/modules/ssl/ssl_engine_init.c
  
  Index: ssl_engine_init.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
  retrieving revision 1.48
  retrieving revision 1.49
  diff -u -r1.48 -r1.49
  --- ssl_engine_init.c	12 Mar 2002 22:08:23 -0000	1.48
  +++ ssl_engine_init.c	12 Mar 2002 22:34:31 -0000	1.49
  @@ -226,11 +226,6 @@
       ssl_rand_seed(base_server, p, SSL_RSCTX_STARTUP, "Init: ");
   
       /*
  -     *  allocate the temporary RSA keys and DH params
  -     */
  -    ssl_init_TmpKeysHandle(SSL_TKP_ALLOC, base_server, p);
  -
  -    /*
        *  initialize servers
        */
       ssl_log(base_server, SSL_LOG_INFO,
  @@ -323,11 +318,6 @@
   void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p)
   {
       SSLModConfigRec *mc = myModConfig(s);
  -    ssl_asn1_t *asn1;
  -    unsigned char *ptr;
  -    long int length;
  -    RSA *rsa;
  -    DH *dh;
   
       if (action == SSL_TKP_GEN) { /* Generate Keys and Params */
           /* seed PRNG */
  @@ -337,119 +327,48 @@
           ssl_log(s, SSL_LOG_INFO,
                   "Init: Generating temporary RSA private keys (512/1024 bits)");
   
  -        if (!(rsa = RSA_generate_key(512, RSA_F4, NULL, NULL))) {
  -            ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, 
  +        /* generate 512 bit RSA key */
  +        if (!(mc->pTmpKeys[SSL_TKPIDX_RSA512] = 
  +              RSA_generate_key(512, RSA_F4, NULL, NULL)))
  +        {
  +            ssl_log(s, SSL_LOG_ERROR,
                       "Init: Failed to generate temporary "
                       "512 bit RSA private key");
               ssl_die();
           }
   
  -        length = i2d_RSAPrivateKey(rsa, NULL);
  -        ptr = ssl_asn1_table_set(mc->tTmpKeys, "RSA:512", length);
  -        (void)i2d_RSAPrivateKey(rsa, &ptr); /* 2nd arg increments */
  -        RSA_free(rsa);
  -
           /* generate 1024 bit RSA key */
  -        if (!(rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL))) {
  -            ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, 
  +        if (!(mc->pTmpKeys[SSL_TKPIDX_RSA1024] = 
  +              RSA_generate_key(1024, RSA_F4, NULL, NULL)))
  +        {
  +            ssl_log(s, SSL_LOG_ERROR,
                       "Init: Failed to generate temporary "
                       "1024 bit RSA private key");
               ssl_die();
           }
   
  -        length = i2d_RSAPrivateKey(rsa, NULL);
  -        ptr = ssl_asn1_table_set(mc->tTmpKeys, "RSA:1024", length);
  -        (void)i2d_RSAPrivateKey(rsa, &ptr); /* 2nd arg increments */
  -        RSA_free(rsa);
  -
           ssl_log(s, SSL_LOG_INFO,
  -                "Init: Configuring temporary DH parameters (512/1024 bits)");
  +                "Init: Configuring temporary "
  +                "DH parameters (512/1024 bits)");
   
  -        /* import 512 bit DH param */
  -        if (!(dh = ssl_dh_GetTmpParam(512))) {
  +        /* generate 512 bit DH param */
  +        if (!(mc->pTmpKeys[SSL_TKPIDX_DH512] = 
  +              ssl_dh_GetTmpParam(512)))
  +        {
               ssl_log(s, SSL_LOG_ERROR,
  -                    "Init: Failed to import temporary "
  +                    "Init: Failed to generate temporary "
                       "512 bit DH parameters");
               ssl_die();
           }
   
  -        length = i2d_DHparams(dh, NULL);
  -        ptr = ssl_asn1_table_set(mc->tTmpKeys, "DH:512", length);
  -        (void)i2d_DHparams(dh, &ptr); /* 2nd arg increments */
  -        DH_free(dh);
  -
  -        /* import 1024 bit DH param */
  -        if (!(dh = ssl_dh_GetTmpParam(1024))) {
  +        /* generate 1024 bit DH param */
  +        if (!(mc->pTmpKeys[SSL_TKPIDX_DH1024] = 
  +              ssl_dh_GetTmpParam(1024)))
  +        {
               ssl_log(s, SSL_LOG_ERROR,
  -                    "Init: Failed to import temporary "
  +                    "Init: Failed to generate temporary "
                       "1024 bit DH parameters");
               ssl_die();
  -        }
  -
  -        length = i2d_DHparams(dh, NULL);
  -        ptr = ssl_asn1_table_set(mc->tTmpKeys, "DH:1024", length);
  -        (void)i2d_DHparams(dh, &ptr); /* 2nd arg increments */
  -        DH_free(dh);
  -    }
  -    else if (action == SSL_TKP_ALLOC) { /* Allocate Keys and Params */
  -        ssl_log(s, SSL_LOG_INFO,
  -                "Init: Configuring temporary "
  -                "RSA private keys (512/1024 bits)");
  -
  -        /* allocate 512 bit RSA key */
  -        if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "RSA:512"))) {
  -            ptr = asn1->cpData;
  -            if (!(mc->pTmpKeys[SSL_TKPIDX_RSA512] = 
  -                  d2i_RSAPrivateKey(NULL, &ptr, asn1->nData)))
  -            {
  -                ssl_log(s, SSL_LOG_ERROR,
  -                        "Init: Failed to load temporary "
  -                        "512 bit RSA private key");
  -                ssl_die();
  -            }
  -        }
  -
  -        /* allocate 1024 bit RSA key */
  -        if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "RSA:1024"))) {
  -            ptr = asn1->cpData;
  -            if (!(mc->pTmpKeys[SSL_TKPIDX_RSA1024] = 
  -                  d2i_RSAPrivateKey(NULL, &ptr, asn1->nData)))
  -            {
  -                ssl_log(s, SSL_LOG_ERROR,
  -                        "Init: Failed to load temporary "
  -                        "1024 bit RSA private key");
  -                ssl_die();
  -            }
  -        }
  -
  -        ssl_log(s, SSL_LOG_INFO,
  -                "Init: Configuring temporary "
  -                "DH parameters (512/1024 bits)");
  -
  -        /* allocate 512 bit DH param */
  -        if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "DH:512"))) {
  -            ptr = asn1->cpData;
  -            if (!(mc->pTmpKeys[SSL_TKPIDX_DH512] = 
  -                  d2i_DHparams(NULL, &ptr, asn1->nData)))
  -            {
  -                ssl_log(s, SSL_LOG_ERROR,
  -                        "Init: Failed to load temporary "
  -                        "512 bit DH parameters");
  -                ssl_die();
  -            }
  -        }
  -
  -        /* allocate 1024 bit DH param */
  -        if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "DH:1024"))) {
  -            ptr = asn1->cpData;
  -            if (!(mc->pTmpKeys[SSL_TKPIDX_DH1024] = 
  -                  d2i_DHparams(NULL, &ptr, asn1->nData)))
  -            {
  -                ssl_log(s, SSL_LOG_ERROR,
  -                        "Init: Failed to load temporary "
  -                        "1024 bit DH parameters");
  -                ssl_die();
  -            }
           }
       }
       else if (action == SSL_TKP_FREE) { /* Free Keys and Params */
  
  
  

Mime
View raw message