switch SSLModConfigRec.tPrivateKey to ssl_asn1_table api to prevent

leakage on restarts.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93614 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/mod_ssl.h

@@ -519,7 +519,7 @@ typedef struct {
     apr_hash_t     *tTmpKeys;
     void           *pTmpKeys[SSL_TKPIDX_MAX];
     ssl_ds_table   *tPublicCert;
-    ssl_ds_table   *tPrivateKey;
+    apr_hash_t     *tPrivateKey;
 #ifdef SSL_EXPERIMENTAL_ENGINE
     char           *szCryptoDevice;
 #endif

modules/ssl/ssl_engine_config.c

@@ -101,7 +101,7 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s)
         mc->szMutexFile            = NULL;
         mc->pMutex                 = NULL;
         mc->aRandSeed              = apr_array_make(pPool, 4, sizeof(ssl_randseed_t));
-        mc->tPrivateKey            = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
+        mc->tPrivateKey            = apr_hash_make(pPool);
         mc->tPublicCert            = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
         mc->tTmpKeys               = apr_hash_make(pPool);
 #ifdef SSL_EXPERIMENTAL_ENGINE

modules/ssl/ssl_engine_init.c

@@ -682,7 +682,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, SSLSrvConfigRec *sc)
      */
     ok = FALSE;
     cp = apr_psprintf(p, "%s:RSA", cpVHostID);
-    if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPrivateKey, cp)) != NULL) {
+    if ((asn1 = ssl_asn1_table_get(mc->tPrivateKey, cp)) != NULL) {
         ssl_log(s, SSL_LOG_TRACE,
                 "Init: (%s) Configuring RSA server private key", cpVHostID);
         ucp = asn1->cpData;
@@ -702,7 +702,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, SSLSrvConfigRec *sc)
         ok = TRUE;
     }
     cp = apr_psprintf(p, "%s:DSA", cpVHostID);
-    if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPrivateKey, cp)) != NULL) {
+    if ((asn1 = ssl_asn1_table_get(mc->tPrivateKey, cp)) != NULL) {
         ssl_log(s, SSL_LOG_TRACE,
                 "Init: (%s) Configuring DSA server private key", cpVHostID);
         ucp = asn1->cpData;

modules/ssl/ssl_engine_pphrase.c

@@ -114,6 +114,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
     EVP_PKEY *pPrivateKey;
     ssl_asn1_t *asn1;
     unsigned char *ucp;
+    long int length;
     X509 *pX509Cert;
     BOOL bReadable;
     ssl_ds_array *aPassPhrase;
@@ -278,7 +279,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                     !(isterm = isatty(fileno(stdout)))) /* XXX: apr_isatty() */
                 {
                     char *key_id = apr_psprintf(p, "%s:%s", cpVHostID, "RSA"); /* XXX: check for DSA key too? */
-                    ssl_asn1_t *asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPrivateKey, key_id);
+                    ssl_asn1_t *asn1 = ssl_asn1_table_get(mc->tPrivateKey, key_id);
                     
                     if (asn1 && (asn1->source_mtime == pkey_mtime)) {
                         ssl_log(pServ, SSL_LOG_INFO,
@@ -427,12 +428,15 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
              * RSA structure which do not survive DSO reloads!)
              */
             cp = apr_psprintf(mc->pPool, "%s:%s", cpVHostID, an);
-            asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tPrivateKey, cp);
+            length = i2d_PrivateKey(pPrivateKey, NULL);
-            asn1->nData  = i2d_PrivateKey(pPrivateKey, NULL);
+            ucp = ssl_asn1_table_set(mc->tPrivateKey, cp, length);
-            asn1->cpData = apr_palloc(mc->pPool, asn1->nData);
+            (void)i2d_PrivateKey(pPrivateKey, &ucp); /* 2nd arg increments */
-            ucp = asn1->cpData; i2d_PrivateKey(pPrivateKey, &ucp); /* 2nd arg increments */
 
+            if (nPassPhraseDialogCur != 0) {
+                /* remember mtime of encrypted keys */
+                asn1 = ssl_asn1_table_get(mc->tPrivateKey, cp);
                 asn1->source_mtime = pkey_mtime;
+            }
 
             /*
              * Free the private key structure