Initialize EC temporary key on server startup, as for DH and

RSA. This fixes a race condition that could lead to a crash with threaded MPMs. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1294306 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2012-02-27 20:01:40 +00:00
parent ac4effde8d
commit 960f0a63cd
4 changed files with 59 additions and 12 deletions
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1386,24 +1386,20 @@ DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
 EC_KEY *ssl_callback_TmpECDH(SSL *ssl, int export, int keylen)
 {
    conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
-    static EC_KEY *ecdh = NULL;
-    static int init = 0;
+    SSLModConfigRec *mc = myModConfigFromConn(c);
+    int idx;

    /* XXX Uses 256-bit key for now. TODO: support other sizes. */
    ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
                  "handing out temporary 256 bit ECC key");

-    if (init == 0) {
-        ecdh = EC_KEY_new();
-        if (ecdh != NULL) {
-            /* ecdh->group = EC_GROUP_new_by_nid(NID_secp160r2); */
-            EC_KEY_set_group(ecdh,
-              EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
-        }
-        init = 1;
+    switch (keylen) {
+      case 256:
+      default:
+        idx = SSL_TMP_KEY_EC_256;
    }

-    return ecdh;
+    return (EC_KEY *)mc->pTmpKeys[idx];
 }
 #endif