You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by yl...@apache.org on 2016/12/02 22:26:07 UTC
svn commit: r1772416 - in /apr/apr-util/branches/1.5.x: ./
crypto/apr_crypto_nss.c crypto/apr_crypto_openssl.c
Author: ylavic
Date: Fri Dec 2 22:26:07 2016
New Revision: 1772416
URL: http://svn.apache.org/viewvc?rev=1772416&view=rev
Log:
Merge r1772414 from trunk.
apr_crypto: axe the un(thread)safe key cache, creating each key on the pool
given to crypto_key()/crypto_passphrase().
Committed/Reviewed by: ylavic
Modified:
apr/apr-util/branches/1.5.x/ (props changed)
apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c
apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c
Propchange: apr/apr-util/branches/1.5.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Dec 2 22:26:07 2016
@@ -1,4 +1,4 @@
-/apr/apr/trunk:781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,998533,1086937,1127053,1127648,1128838,1129433,1133587,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1327636,1340286,1346865,1357761,1357772,1357780,1357966,1357968,1357979,1358295,1358480,1361811,1362241,1362248,1362252,1362255,1363076,1369681,1370626,1371811,1371817,1371919,1371923,1382174,1389154,1389169,1390461,1390477,1402870,1402897,1402903,1402907,1406088,1422413,1425356,1426442,1426448,1438960,1449308,1449314,1460185,1460243-1460244,1462219,1462224,1484271,1493715,1495887,1495889,1496407,1516261,1523479,1529554,1531009,1541054,1543399,1544846,1618843,1619438,1625247,1626561,1648830,1711657,1722547,1728958,1728963,1751806,1751898
+/apr/apr/trunk:781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,998533,1086937,1127053,1127648,1128838,1129433,1133587,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1327636,1340286,1346865,1357761,1357772,1357780,1357966,1357968,1357979,1358295,1358480,1361811,1362241,1362248,1362252,1362255,1363076,1369681,1370626,1371811,1371817,1371919,1371923,1382174,1389154,1389169,1390461,1390477,1402870,1402897,1402903,1402907,1406088,1422413,1425356,1426442,1426448,1438960,1449308,1449314,1460185,1460243-1460244,1462219,1462224,1484271,1493715,1495887,1495889,1496407,1516261,1523479,1529554,1531009,1541054,1543399,1544846,1618843,1619438,1625247,1626561,1648830,1711657,1722547,1728958,1728963,1751806,1751898,1772414
/apr/apr-util/branches/1.3.x:896410,1154885
/apr/apr-util/branches/1.4.x:1126217,1211211,1211219,1211223,1211330
/apr/apr-util/trunk:731033-731034,731225,731236,731291,731293,731379,743986,744009,745771,747612,747623,747630,1626561
Modified: apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c?rev=1772416&r1=1772415&r2=1772416&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c Fri Dec 2 22:26:07 2016
@@ -50,7 +50,6 @@ struct apr_crypto_t {
apr_pool_t *pool;
const apr_crypto_driver_t *provider;
apu_err_t *result;
- apr_array_header_t *keys;
apr_crypto_config_t *config;
apr_hash_t *types;
apr_hash_t *modes;
@@ -263,6 +262,16 @@ static apr_status_t crypto_block_cleanup
return crypto_block_cleanup(block);
}
+static apr_status_t crypto_key_cleanup(void *data)
+{
+ apr_crypto_key_t *key = data;
+ if (key->symKey) {
+ PK11_FreeSymKey(key->symKey);
+ key->symKey = NULL;
+ }
+ return APR_SUCCESS;
+}
+
/**
* @brief Clean encryption / decryption context.
* @note After cleanup, a context is free to be reused if necessary.
@@ -271,24 +280,9 @@ static apr_status_t crypto_block_cleanup
*/
static apr_status_t crypto_cleanup(apr_crypto_t *f)
{
- apr_crypto_key_t *key;
- if (f->keys) {
- while ((key = apr_array_pop(f->keys))) {
- if (key->symKey) {
- PK11_FreeSymKey(key->symKey);
- key->symKey = NULL;
- }
- }
- }
return APR_SUCCESS;
}
-static apr_status_t crypto_cleanup_helper(void *data)
-{
- apr_crypto_t *f = (apr_crypto_t *) data;
- return crypto_cleanup(f);
-}
-
/**
* @brief Create a context for supporting encryption. Keys, certificates,
* algorithms and other parameters will be set per context. More than
@@ -323,7 +317,6 @@ static apr_status_t crypto_make(apr_cryp
if (!f->result) {
return APR_ENOMEM;
}
- f->keys = apr_array_make(pool, 10, sizeof(apr_crypto_key_t));
f->types = apr_hash_make(pool);
if (!f->types) {
@@ -341,9 +334,6 @@ static apr_status_t crypto_make(apr_cryp
apr_hash_set(f->modes, "ecb", APR_HASH_KEY_STRING, &(mode_ecb));
apr_hash_set(f->modes, "cbc", APR_HASH_KEY_STRING, &(mode_cbc));
- apr_pool_cleanup_register(pool, f, crypto_cleanup_helper,
- apr_pool_cleanup_null);
-
return APR_SUCCESS;
}
@@ -421,10 +411,12 @@ static apr_status_t crypto_passphrase(ap
apr_crypto_key_t *key = *k;
if (!key) {
- *k = key = apr_array_push(f->keys);
- }
- if (!key) {
- return APR_ENOMEM;
+ *k = key = apr_pcalloc(p, sizeof *key);
+ if (!key) {
+ return APR_ENOMEM;
+ }
+ apr_pool_cleanup_register(p, key, crypto_key_cleanup,
+ apr_pool_cleanup_null);
}
key->f = f;
Modified: apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c?rev=1772416&r1=1772415&r2=1772416&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c Fri Dec 2 22:26:07 2016
@@ -39,7 +39,6 @@ struct apr_crypto_t {
apr_pool_t *pool;
const apr_crypto_driver_t *provider;
apu_err_t *result;
- apr_array_header_t *keys;
apr_crypto_config_t *config;
apr_hash_t *types;
apr_hash_t *modes;
@@ -284,11 +283,6 @@ static apr_status_t crypto_make(apr_cryp
return APR_ENOMEM;
}
- f->keys = apr_array_make(pool, 10, sizeof(apr_crypto_key_t));
- if (!f->keys) {
- return APR_ENOMEM;
- }
-
f->types = apr_hash_make(pool);
if (!f->types) {
return APR_ENOMEM;
@@ -391,10 +385,10 @@ static apr_status_t crypto_passphrase(ap
apr_crypto_key_t *key = *k;
if (!key) {
- *k = key = apr_array_push(f->keys);
- }
- if (!key) {
- return APR_ENOMEM;
+ *k = key = apr_pcalloc(p, sizeof *key);
+ if (!key) {
+ return APR_ENOMEM;
+ }
}
key->f = f;