Posted to cvs@httpd.apache.org by jw...@apache.org on 2002/03/01 05:35:18 UTC

cvs commit: httpd-2.0/modules/ssl mod_ssl.h ssl_engine_init.c ssl_engine_rand.c

jwoolley    02/02/28 20:35:18

  Modified:    modules/ssl mod_ssl.h ssl_engine_init.c ssl_engine_rand.c
  Log:
  Consensus is that we should not use the scoreboard as a source of entropy.
  
  Reviewed by: OtherBill, Justin, Madhu
  
  Revision  Changes    Path
  1.65      +0 -1      httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.64
  retrieving revision 1.65
  diff -u -d -u -r1.64 -r1.65
  --- mod_ssl.h	28 Feb 2002 01:30:18 -0000	1.64
  +++ mod_ssl.h	1 Mar 2002 04:35:17 -0000	1.65
  @@ -515,7 +515,6 @@
       char           *szMutexFile;
       apr_lock_t     *pMutex;
       apr_array_header_t   *aRandSeed;
  -    int             nScoreboardSize; /* used for builtin random seed */
       apr_hash_t     *tVHostKeys;
       apr_hash_t     *tTmpKeys;
       void           *pTmpKeys[SSL_TKPIDX_MAX];
  
  
  
  1.42      +0 -4      httpd-2.0/modules/ssl/ssl_engine_init.c
  
  Index: ssl_engine_init.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
  retrieving revision 1.41
  retrieving revision 1.42
  diff -u -d -u -r1.41 -r1.42
  --- ssl_engine_init.c	28 Feb 2002 05:58:49 -0000	1.41
  +++ ssl_engine_init.c	1 Mar 2002 04:35:17 -0000	1.42
  @@ -163,11 +163,7 @@
   
       /*
        * Seed the Pseudo Random Number Generator (PRNG)
  -     *
  -     * Note: scoreboard size must be fetched at init time because
  -     * ap_calc_scoreboard_size() is not threadsafe
        */
  -    mc->nScoreboardSize = ap_calc_scoreboard_size();
       ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
   
       /*
  
  
  
  1.13      +0 -16     httpd-2.0/modules/ssl/ssl_engine_rand.c
  
  Index: ssl_engine_rand.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_rand.c,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -d -u -r1.12 -r1.13
  --- ssl_engine_rand.c	25 Feb 2002 04:23:03 -0000	1.12
  +++ ssl_engine_rand.c	1 Mar 2002 04:35:17 -0000	1.13
  @@ -81,7 +81,6 @@
       int nReq, nDone;
       apr_file_t *fp;
       int i, n, l;
  -    int m;
   
       mc = myModConfig(s);
       nReq  = 0;
  @@ -155,21 +154,6 @@
                   RAND_seed(stackdata+n, 128);
                   nDone += 128;
   
  -                /*
  -                 * seed in data extracted from the current scoreboard
  -                 *
  -                 * XXX: this assumes that the entire scoreboard is
  -                 * allocated in one big block of memory that begins at
  -                 * the location pointed to by ap_scoreboard_image->global
  -                 */
  -                if (ap_scoreboard_image != NULL && mc->nScoreboardSize > 16)
  -                {
  -                    m = ((mc->nScoreboardSize / 2) - 1);
  -                    n = ssl_rand_choosenum(0, m);
  -                    RAND_seed(
  -                        ((unsigned char *)ap_scoreboard_image->global)+n, m);
  -                    nDone += m;
  -                }
               }
           }
       }
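Review bot: With the scoreboard read removed, the only builtin seeding left in this hunk is `RAND_seed(stackdata+n, 128)`, and `nDone += 128` still credits it in full. If `stackdata` is an uninitialised stack buffer, as its name suggests (the declaration is outside the hunk), its contents are largely predictable and should not be counted as 128 bytes of seed material, particularly if `nDone` feeds a logged total. I would add a comment above the call, `/* stack contents are not a reliable entropy source; configure a file: or egd: source via SSLRandomSeed */`, and consider leaving these bytes out of `nDone`. The enclosing function starts and ends outside the hunk.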