mirror of https://github.com/apache/httpd.git synced 2025-08-05 16:55:50 +03:00

42 Commits

Author SHA1 Message Date
Eric Covener
e8c16c83e1 be less specific and don't echo passphrase
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876807 13f79535-47bb-0310-9956-ffa450edef68
2020-04-22 01:16:00 +00:00
Eric Covener
bef4205da3 bubble up an error if none of the passphrases work
previously, the un-decodable z->encoded would get set to NULL
but success would be returned




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874674 13f79535-47bb-0310-9956-ffa450edef68
2020-03-01 22:40:03 +00:00
Graham Leggett
cd58f1856a After reinstatement of DSO support in APR/APR-util, revert r1837437,
r1837435, r1834553, r1833598, r1833452, r1833383, r1833368.

Undoes the following:

mod_ssl: OpenSSL now initializes fully through APR, use that.

mod_ssl: build with LibreSSL.

LibreSSL seems to be openssl-1.1 API compatible only in version 2.8 (master).
So use that for MODSSL_USE_OPENSSL_PRE_1_1_API instead of 2.7, the two 2.7
compatibility-exceptions are handled explicitly but overall it's simpler.

Regarding CRYPTO_malloc_init vs OPENSSL_malloc_init, libreSSL uses none, the
former used to be a no-op but depends on LIBRESSL_INTERNAL in latest versions,
while the latter has never been (and will never be) defined. So don't call any
with LibreSSL.

Follow up to r1833368: share openssl between modules.

Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto
can use the same crypto library (e.g. openssl), use the new APR crypto loading
API so that they can work together and initialize/terminate the lib either once
for all or on demand and reusable by the others.

Follow up to r1833368: apr_crypto_prng_after_fork() now used a PID.

Make use of the new apr_crypto_rng API if available.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1861947 13f79535-47bb-0310-9956-ffa450edef68
2019-06-23 21:10:23 +00:00
Yann Ylavic
e6c090ea5a Follow up to r1833368: share openssl between modules.
Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto
can use the same crypto library (e.g. openssl), use the new APR crypto loading
API so that they can work together and initialize/terminate the lib either once
for all or on demand and reusable by the others.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833452 13f79535-47bb-0310-9956-ffa450edef68
2018-06-13 09:54:16 +00:00
Yann Ylavic
4c670d1715 Follow up to r1772812: update APLOGNO().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1783764 13f79535-47bb-0310-9956-ffa450edef68
2017-02-20 14:03:28 +00:00
Yann Ylavic
fed21b132d mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash)
to prevent deciphering or tampering with a padding oracle attack.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772812 13f79535-47bb-0310-9956-ffa450edef68
2016-12-05 23:43:05 +00:00
Christophe Jaillet
6ae5c8f6f3 Remove redundant check (already performed the line before)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1551012 13f79535-47bb-0310-9956-ffa450edef68
2013-12-15 10:30:35 +00:00
Graham Leggett
c7ec3ecccd mod_session_crypto: Make sure we try to initialise twice, so we don't
succeed in configtest but fail on restart.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1550312 13f79535-47bb-0310-9956-ffa450edef68
2013-12-11 23:14:46 +00:00
Daniel Ruggeri
90f9939cee Add exec: callout support for mod_session_crypto
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1524079 13f79535-47bb-0310-9956-ffa450edef68
2013-09-17 14:53:21 +00:00
Stefan Fritsch
e00688ffd9 Use %pm available since apr 1.3 instead of an extra call to apr_strerror
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1463056 13f79535-47bb-0310-9956-ffa450edef68
2013-03-31 21:29:28 +00:00
Graham Leggett
48a3a922e2 mod_session_crypto: Protect ourselves against underlying libraries who
fail to load without providing an error message of their own.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1418655 13f79535-47bb-0310-9956-ffa450edef68
2012-12-08 12:12:16 +00:00
Stefan Fritsch
92e366007c Add lots of unique tags to error log messages
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209766 13f79535-47bb-0310-9956-ffa450edef68
2011-12-02 23:02:04 +00:00
Graham Leggett
45eb1cdd06 mod_session: Use apr_status_t as a return code across the mod_session API,
clarify where we ignore errors and why.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209603 13f79535-47bb-0310-9956-ffa450edef68
2011-12-02 17:47:05 +00:00
Graham Leggett
efcf8a984c mod_session_crypto: Fix a pool lifetime problem when reading from
SessionCryptoPassphraseFile.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209461 13f79535-47bb-0310-9956-ffa450edef68
2011-12-02 13:23:21 +00:00
Stefan Fritsch
7ecccc1570 Remove some more now redundant log prefixes
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1208816 13f79535-47bb-0310-9956-ffa450edef68
2011-11-30 21:51:51 +00:00
Graham Leggett
8f46969f8e mod_session_crypto: Add a SessionCryptoPassphraseFile directive so that the
administrator can hide the keys from the configuration.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1208517 13f79535-47bb-0310-9956-ffa450edef68
2011-11-30 16:56:50 +00:00
Graham Leggett
6e132242c3 Remove unused variables.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1206338 13f79535-47bb-0310-9956-ffa450edef68
2011-11-25 21:43:08 +00:00
Graham Leggett
1211292e7f Remove spurious parsing of the cipher parameter.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1188945 13f79535-47bb-0310-9956-ffa450edef68
2011-10-25 22:10:04 +00:00
Graham Leggett
848139b502 mod_session_crypto: Refactor to support the new apr_crypto API.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1188900 13f79535-47bb-0310-9956-ffa450edef68
2011-10-25 20:45:40 +00:00
Stefan Fritsch
abb02e83c2 Fix build with recent apr_crypto API change
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1138611 13f79535-47bb-0310-9956-ffa450edef68
2011-06-22 20:16:43 +00:00
Graham Leggett
cc6b937c77 mod_session_crypto: Use the apr v2.0 crypto interface, which has been
backported to apr-util v1.4.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1126233 13f79535-47bb-0310-9956-ffa450edef68
2011-05-22 21:37:21 +00:00
Graham Leggett
b9474fdfeb Remove the references to apr_crypto_t where apr_crypto_block_t is already
present.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1103385 13f79535-47bb-0310-9956-ffa450edef68
2011-05-15 14:15:22 +00:00
Graham Leggett
e18345a584 Add API protection against the deprecated v1.4 apr_crypto API.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1103351 13f79535-47bb-0310-9956-ffa450edef68
2011-05-15 12:44:25 +00:00
Graham Leggett
e155f87c68 Reorder the parameters as per the updated apr v2.0 apr_crypto API.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1103337 13f79535-47bb-0310-9956-ffa450edef68
2011-05-15 12:24:22 +00:00
Graham Leggett
2a1e8f277b Use namespace protection on mode and type constants.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1103331 13f79535-47bb-0310-9956-ffa450edef68
2011-05-15 11:39:00 +00:00
Stefan Fritsch
385da96d50 Use ap_state_query() to fix many modules that were not correctly initializing
if they were not active during server startup but got enabled later during a
graceful restart (in which case they need to do all work during a single
config run).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1070153 13f79535-47bb-0310-9956-ffa450edef68
2011-02-12 21:23:56 +00:00
Stefan Fritsch
1882214e86 break some very long lines, no code change
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1063016 13f79535-47bb-0310-9956-ffa450edef68
2011-01-24 22:12:24 +00:00
Guenter Knauf
2db74403c1 Fixed compile-time error message.
We test for APU, thus the error statement should tell same;
APR and APU are independent before APR 2.0.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1037941 13f79535-47bb-0310-9956-ffa450edef68
2010-11-22 23:34:24 +00:00
Stefan Fritsch
ebb62867fb Use the new APLOG_USE_MODULE/AP_DECLARE_MODULE macros everywhere to take
advantage of per-module loglevels


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@951895 13f79535-47bb-0310-9956-ffa450edef68
2010-06-06 16:59:50 +00:00
Rainer Jung
afd39cbd25 Work around crypto API incompatibilities.
The API in APR 2 is different from the API in APU 1.4/1.5.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@951870 13f79535-47bb-0310-9956-ffa450edef68
2010-06-06 14:47:11 +00:00
Jeff Trawick
e6fc6d32b6 use separate #error message when APR[-Util] is of a valid
version but wasn't built with crypto support


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@918562 13f79535-47bb-0310-9956-ffa450edef68
2010-03-03 16:44:57 +00:00
Graham Leggett
e76a453763 Correctly reference the apr_crypto_t context as a context and not a factory,
using the new name apr_crypto_make.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@890581 13f79535-47bb-0310-9956-ffa450edef68
2009-12-15 00:31:39 +00:00
Graham Leggett
9c0867de9d mod_session_crypto: Sanity check should the potentially encrypted
session cookie be too short.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@814334 13f79535-47bb-0310-9956-ffa450edef68
2009-09-13 16:04:13 +00:00
Graham Leggett
168b109007 mod_session_crypto: Ensure that SessionCryptoDriver can only be
set in the global scope.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@731377 13f79535-47bb-0310-9956-ffa450edef68
2009-01-04 22:29:05 +00:00
Graham Leggett
7b58a40668 mod_session_crypto: Rewrite the session_crypto module against the
apr_crypto API.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@731088 13f79535-47bb-0310-9956-ffa450edef68
2009-01-03 21:09:47 +00:00
Graham Leggett
36500032fc Insert prototypes to remove compiler warnings. [Joe Orton]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@646126 13f79535-47bb-0310-9956-ffa450edef68
2008-04-08 23:12:12 +00:00
Paul Querna
a324a1d72f Remove all references to CORE_PRIVATE.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@645455 13f79535-47bb-0310-9956-ffa450edef68
2008-04-07 10:45:43 +00:00
Graham Leggett
f2125f46ec mod_session_crypto: Initialise SSL in the post config hook.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@645244 13f79535-47bb-0310-9956-ffa450edef68
2008-04-06 14:23:35 +00:00
Graham Leggett
8ef6e5e3d9 Fix the defaults, which currently override the config instead of default the config.
[Ruediger Pluem]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@645243 13f79535-47bb-0310-9956-ffa450edef68
2008-04-06 14:05:27 +00:00
Graham Leggett
5550b95a90 Remove an unnecessary config structure lookup during encrypt and decrypt. [Ruediger Pluem]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@645187 13f79535-47bb-0310-9956-ffa450edef68
2008-04-05 23:42:08 +00:00
Graham Leggett
10d47f14ff Clarify the operation of the SessionCryptoPassphrase directive as raised by rpluem. When
SessionCryptoCertificateFile is set, asymmetrical encryption will be used, and SessionCryptoPassphrase
will be interpreted as the passphrase protecting the private key. When SessionCryptoCertificateFile
is not set, symmetrical encryption is used, and SessionCryptoPassphrase will contain the key to
use. Make sure that the engine parameter is properly passed into the crypto functions, and fix a
missing cleanup on an error case.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@645186 13f79535-47bb-0310-9956-ffa450edef68
2008-04-05 23:35:00 +00:00
Graham Leggett
97e4c9276c mod_session_crypto: Add a session encoding implementation capable
of encrypting and decrypting sessions wherever they may be stored.
Introduces a level of privacy when sessions are stored on the
browser.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@644751 13f79535-47bb-0310-9956-ffa450edef68
2008-04-04 16:11:31 +00:00