
switch SSLModConfigRec.tPrivateKey to ssl_asn1_table api to prevent leakage on restarts.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93614 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern
2002-02-28 00:23:32 +00:00
parent 01b903dfc4
commit e778179d1f
4 changed files with 14 additions and 10 deletions


@ -519,7 +519,7 @@ typedef struct {
apr_hash_t *tTmpKeys;
void *pTmpKeys[SSL_TKPIDX_MAX];
ssl_ds_table *tPublicCert;
ssl_ds_table *tPrivateKey;
apr_hash_t *tPrivateKey;
#ifdef SSL_EXPERIMENTAL_ENGINE
char *szCryptoDevice;
#endif
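Review bot: The `tPrivateKey` field on the changed line is now a plain `apr_hash_t *`, the same type as `tTmpKeys` declared just above it, so the declaration no longer says what the table stores or how it is meant to be accessed. A field comment would keep later code from calling `apr_hash_get`/`apr_hash_set` on it directly and bypassing the accessor's size bookkeeping, for example `/* DER-encoded private keys (ssl_asn1_t), keyed "<vhost-id>:<alg>"; access only via ssl_asn1_table_get/set */`. The key format is inferred from the `apr_psprintf` calls in the other files of this commit and should be confirmed. The struct starts and ends outside this hunk.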


@ -101,7 +101,7 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s)
mc->szMutexFile = NULL;
mc->pMutex = NULL;
mc->aRandSeed = apr_array_make(pPool, 4, sizeof(ssl_randseed_t));
mc->tPrivateKey = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
mc->tPrivateKey = apr_hash_make(pPool);
mc->tPublicCert = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
mc->tTmpKeys = apr_hash_make(pPool);
#ifdef SSL_EXPERIMENTAL_ENGINE
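Review bot: `mc->tPublicCert` on the line after the change is still built with `ssl_ds_table_make(pPool, sizeof(ssl_asn1_t))`, so only the private-key table moves to the hash-backed API. If the leakage on restarts named in the commit message comes from pushing fresh entries into a table that lives in `pPool` across restarts, the certificate table presumably grows the same way. Either convert it too (`mc->tPublicCert = apr_hash_make(pPool);`, with the field type and its readers and writers changed to match), or add a comment on that line saying why it is exempt. `ssl_config_global_create` continues outside the hunk.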


@ -682,7 +682,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, SSLSrvConfigRec *sc)
*/
ok = FALSE;
cp = apr_psprintf(p, "%s:RSA", cpVHostID);
if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPrivateKey, cp)) != NULL) {
if ((asn1 = ssl_asn1_table_get(mc->tPrivateKey, cp)) != NULL) {
ssl_log(s, SSL_LOG_TRACE,
"Init: (%s) Configuring RSA server private key", cpVHostID);
ucp = asn1->cpData;
@ -702,7 +702,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, SSLSrvConfigRec *sc)
ok = TRUE;
}
cp = apr_psprintf(p, "%s:DSA", cpVHostID);
if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPrivateKey, cp)) != NULL) {
if ((asn1 = ssl_asn1_table_get(mc->tPrivateKey, cp)) != NULL) {
ssl_log(s, SSL_LOG_TRACE,
"Init: (%s) Configuring DSA server private key", cpVHostID);
ucp = asn1->cpData;


@ -114,6 +114,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
EVP_PKEY *pPrivateKey;
ssl_asn1_t *asn1;
unsigned char *ucp;
long int length;
X509 *pX509Cert;
BOOL bReadable;
ssl_ds_array *aPassPhrase;
@ -278,7 +279,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
!(isterm = isatty(fileno(stdout)))) /* XXX: apr_isatty() */
{
char *key_id = apr_psprintf(p, "%s:%s", cpVHostID, "RSA"); /* XXX: check for DSA key too? */
ssl_asn1_t *asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPrivateKey, key_id);
ssl_asn1_t *asn1 = ssl_asn1_table_get(mc->tPrivateKey, key_id);
if (asn1 && (asn1->source_mtime == pkey_mtime)) {
ssl_log(pServ, SSL_LOG_INFO,
@ -427,12 +428,15 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
* RSA structure which do not survive DSO reloads!)
*/
cp = apr_psprintf(mc->pPool, "%s:%s", cpVHostID, an);
asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tPrivateKey, cp);
asn1->nData = i2d_PrivateKey(pPrivateKey, NULL);
asn1->cpData = apr_palloc(mc->pPool, asn1->nData);
ucp = asn1->cpData; i2d_PrivateKey(pPrivateKey, &ucp); /* 2nd arg increments */
length = i2d_PrivateKey(pPrivateKey, NULL);
ucp = ssl_asn1_table_set(mc->tPrivateKey, cp, length);
(void)i2d_PrivateKey(pPrivateKey, &ucp); /* 2nd arg increments */
if (nPassPhraseDialogCur != 0) {
/* remember mtime of encrypted keys */
asn1 = ssl_asn1_table_get(mc->tPrivateKey, cp);
asn1->source_mtime = pkey_mtime;
}
/*
* Free the private key structure