You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by yl...@apache.org on 2016/12/02 22:26:07 UTC

svn commit: r1772416 - in /apr/apr-util/branches/1.5.x: ./ crypto/apr_crypto_nss.c crypto/apr_crypto_openssl.c

Author: ylavic
Date: Fri Dec  2 22:26:07 2016
New Revision: 1772416

URL: http://svn.apache.org/viewvc?rev=1772416&view=rev
Log:
Merge r1772414 from trunk.

apr_crypto: axe the un(thread)safe key cache, creating each key on the pool
given to crypto_key()/crypto_passphrase().

Committed/Reviewed by: ylavic

Modified:
    apr/apr-util/branches/1.5.x/   (props changed)
    apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c
    apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c

Propchange: apr/apr-util/branches/1.5.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Dec  2 22:26:07 2016
@@ -1,4 +1,4 @@
-/apr/apr/trunk:781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,998533,1086937,1127053,1127648,1128838,1129433,1133587,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1327636,1340286,1346865,1357761,1357772,1357780,1357966,1357968,1357979,1358295,1358480,1361811,1362241,1362248,1362252,1362255,1363076,1369681,1370626,1371811,1371817,1371919,1371923,1382174,1389154,1389169,1390461,1390477,1402870,1402897,1402903,1402907,1406088,1422413,1425356,1426442,1426448,1438960,1449308,1449314,1460185,1460243-1460244,1462219,1462224,1484271,1493715,1495887,1495889,1496407,1516261,1523479,1529554,1531009,1541054,1543399,1544846,1618843,1619438,1625247,1626561,1648830,1711657,1722547,1728958,1728963,1751806,1751898
+/apr/apr/trunk:781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,998533,1086937,1127053,1127648,1128838,1129433,1133587,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1327636,1340286,1346865,1357761,1357772,1357780,1357966,1357968,1357979,1358295,1358480,1361811,1362241,1362248,1362252,1362255,1363076,1369681,1370626,1371811,1371817,1371919,1371923,1382174,1389154,1389169,1390461,1390477,1402870,1402897,1402903,1402907,1406088,1422413,1425356,1426442,1426448,1438960,1449308,1449314,1460185,1460243-1460244,1462219,1462224,1484271,1493715,1495887,1495889,1496407,1516261,1523479,1529554,1531009,1541054,1543399,1544846,1618843,1619438,1625247,1626561,1648830,1711657,1722547,1728958,1728963,1751806,1751898,1772414
 /apr/apr-util/branches/1.3.x:896410,1154885
 /apr/apr-util/branches/1.4.x:1126217,1211211,1211219,1211223,1211330
 /apr/apr-util/trunk:731033-731034,731225,731236,731291,731293,731379,743986,744009,745771,747612,747623,747630,1626561

Modified: apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c?rev=1772416&r1=1772415&r2=1772416&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c Fri Dec  2 22:26:07 2016
@@ -50,7 +50,6 @@ struct apr_crypto_t {
     apr_pool_t *pool;
     const apr_crypto_driver_t *provider;
     apu_err_t *result;
-    apr_array_header_t *keys;
     apr_crypto_config_t *config;
     apr_hash_t *types;
     apr_hash_t *modes;
@@ -263,6 +262,16 @@ static apr_status_t crypto_block_cleanup
     return crypto_block_cleanup(block);
 }
 
+static apr_status_t crypto_key_cleanup(void *data)
+{
+    apr_crypto_key_t *key = data;
+    if (key->symKey) {
+        PK11_FreeSymKey(key->symKey);
+        key->symKey = NULL;
+    }
+    return APR_SUCCESS;
+}
+
 /**
  * @brief Clean encryption / decryption context.
  * @note After cleanup, a context is free to be reused if necessary.
@@ -271,24 +280,9 @@ static apr_status_t crypto_block_cleanup
  */
 static apr_status_t crypto_cleanup(apr_crypto_t *f)
 {
-    apr_crypto_key_t *key;
-    if (f->keys) {
-        while ((key = apr_array_pop(f->keys))) {
-            if (key->symKey) {
-                PK11_FreeSymKey(key->symKey);
-                key->symKey = NULL;
-            }
-        }
-    }
     return APR_SUCCESS;
 }
 
-static apr_status_t crypto_cleanup_helper(void *data)
-{
-    apr_crypto_t *f = (apr_crypto_t *) data;
-    return crypto_cleanup(f);
-}
-
 /**
  * @brief Create a context for supporting encryption. Keys, certificates,
  *        algorithms and other parameters will be set per context. More than
@@ -323,7 +317,6 @@ static apr_status_t crypto_make(apr_cryp
     if (!f->result) {
         return APR_ENOMEM;
     }
-    f->keys = apr_array_make(pool, 10, sizeof(apr_crypto_key_t));
 
     f->types = apr_hash_make(pool);
     if (!f->types) {
@@ -341,9 +334,6 @@ static apr_status_t crypto_make(apr_cryp
     apr_hash_set(f->modes, "ecb", APR_HASH_KEY_STRING, &(mode_ecb));
     apr_hash_set(f->modes, "cbc", APR_HASH_KEY_STRING, &(mode_cbc));
 
-    apr_pool_cleanup_register(pool, f, crypto_cleanup_helper,
-            apr_pool_cleanup_null);
-
     return APR_SUCCESS;
 
 }
@@ -421,10 +411,12 @@ static apr_status_t crypto_passphrase(ap
     apr_crypto_key_t *key = *k;
 
     if (!key) {
-        *k = key = apr_array_push(f->keys);
-    }
-    if (!key) {
-        return APR_ENOMEM;
+        *k = key = apr_pcalloc(p, sizeof *key);
+        if (!key) {
+            return APR_ENOMEM;
+        }
+        apr_pool_cleanup_register(p, key, crypto_key_cleanup,
+                                  apr_pool_cleanup_null);
     }
 
     key->f = f;

Modified: apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c?rev=1772416&r1=1772415&r2=1772416&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c Fri Dec  2 22:26:07 2016
@@ -39,7 +39,6 @@ struct apr_crypto_t {
     apr_pool_t *pool;
     const apr_crypto_driver_t *provider;
     apu_err_t *result;
-    apr_array_header_t *keys;
     apr_crypto_config_t *config;
     apr_hash_t *types;
     apr_hash_t *modes;
@@ -284,11 +283,6 @@ static apr_status_t crypto_make(apr_cryp
         return APR_ENOMEM;
     }
 
-    f->keys = apr_array_make(pool, 10, sizeof(apr_crypto_key_t));
-    if (!f->keys) {
-        return APR_ENOMEM;
-    }
-
     f->types = apr_hash_make(pool);
     if (!f->types) {
         return APR_ENOMEM;
@@ -391,10 +385,10 @@ static apr_status_t crypto_passphrase(ap
     apr_crypto_key_t *key = *k;
 
     if (!key) {
-        *k = key = apr_array_push(f->keys);
-    }
-    if (!key) {
-        return APR_ENOMEM;
+        *k = key = apr_pcalloc(p, sizeof *key);
+        if (!key) {
+            return APR_ENOMEM;
+        }
     }
 
     key->f = f;