Posted to cvs@httpd.apache.org by jw...@apache.org on 2002/03/01 05:35:18 UTC
cvs commit: httpd-2.0/modules/ssl mod_ssl.h ssl_engine_init.c ssl_engine_rand.c
jwoolley 02/02/28 20:35:18
Modified: modules/ssl mod_ssl.h ssl_engine_init.c ssl_engine_rand.c
Log:
Consensus is that we should not use the scoreboard as a source of entropy.
Reviewed by: OtherBill, Justin, Madhu
Revision Changes Path
1.65 +0 -1 httpd-2.0/modules/ssl/mod_ssl.h
Index: mod_ssl.h
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -d -u -r1.64 -r1.65
--- mod_ssl.h 28 Feb 2002 01:30:18 -0000 1.64
+++ mod_ssl.h 1 Mar 2002 04:35:17 -0000 1.65
@@ -515,7 +515,6 @@
char *szMutexFile;
apr_lock_t *pMutex;
apr_array_header_t *aRandSeed;
- int nScoreboardSize; /* used for builtin random seed */
apr_hash_t *tVHostKeys;
apr_hash_t *tTmpKeys;
void *pTmpKeys[SSL_TKPIDX_MAX];
1.42 +0 -4 httpd-2.0/modules/ssl/ssl_engine_init.c
Index: ssl_engine_init.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -d -u -r1.41 -r1.42
--- ssl_engine_init.c 28 Feb 2002 05:58:49 -0000 1.41
+++ ssl_engine_init.c 1 Mar 2002 04:35:17 -0000 1.42
@@ -163,11 +163,7 @@
/*
* Seed the Pseudo Random Number Generator (PRNG)
- *
- * Note: scoreboard size must be fetched at init time because
- * ap_calc_scoreboard_size() is not threadsafe
*/
- mc->nScoreboardSize = ap_calc_scoreboard_size();
ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
/*
1.13 +0 -16 httpd-2.0/modules/ssl/ssl_engine_rand.c
Index: ssl_engine_rand.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_rand.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -u -r1.12 -r1.13
--- ssl_engine_rand.c 25 Feb 2002 04:23:03 -0000 1.12
+++ ssl_engine_rand.c 1 Mar 2002 04:35:17 -0000 1.13
@@ -81,7 +81,6 @@
int nReq, nDone;
apr_file_t *fp;
int i, n, l;
- int m;
mc = myModConfig(s);
nReq = 0;
@@ -155,21 +154,6 @@
RAND_seed(stackdata+n, 128);
nDone += 128;
- /*
- * seed in data extracted from the current scoreboard
- *
- * XXX: this assumes that the entire scoreboard is
- * allocated in one big block of memory that begins at
- * the location pointed to by ap_scoreboard_image->global
- */
- if (ap_scoreboard_image != NULL && mc->nScoreboardSize > 16)
- {
- m = ((mc->nScoreboardSize / 2) - 1);
- n = ssl_rand_choosenum(0, m);
- RAND_seed(
- ((unsigned char *)ap_scoreboard_image->global)+n, m);
- nDone += m;
- }
}
}
}
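Review bot: With the scoreboard source gone, the builtin seeding that stays in this hunk is `RAND_seed(stackdata+n, 128);` followed by `nDone += 128;`, and `nDone` counts bytes handed to the PRNG rather than entropy actually gathered. Judging by its name, `stackdata` looks like a stack buffer (its declaration is outside the hunk, as are the start and end of the enclosing function), so these 128 bytes may be largely predictable and should not be presented as seed strength. I would add a comment above that call, e.g. `/* not a real entropy source: nDone counts bytes fed, not entropy; configure a file/device source via SSLRandomSeed */`, and consider logging the result of `RAND_status()` after seeding so an under-seeded PRNG is visible to the operator.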