Posted to cvs@httpd.apache.org by do...@apache.org on 2002/02/28 02:30:18 UTC

cvs commit: httpd-2.0/modules/ssl mod_ssl.h ssl_engine_config.c ssl_engine_pphrase.c

dougm       02/02/27 17:30:18

  Modified:    modules/ssl mod_ssl.h ssl_engine_config.c
                        ssl_engine_pphrase.c
  Log:
  reuse vhost keys for asn1 tables where keys are allocated out
  of s->process->pool to prevent "leaking" each time we format
  a vhost key.
  
  Revision  Changes    Path
  1.64      +1 -0      httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.63
  retrieving revision 1.64
  diff -u -r1.63 -r1.64
  --- mod_ssl.h	28 Feb 2002 00:28:05 -0000	1.63
  +++ mod_ssl.h	28 Feb 2002 01:30:18 -0000	1.64
  @@ -516,6 +516,7 @@
       apr_lock_t     *pMutex;
       apr_array_header_t   *aRandSeed;
       int             nScoreboardSize; /* used for builtin random seed */
  +    apr_hash_t     *tVHostKeys;
       apr_hash_t     *tTmpKeys;
       void           *pTmpKeys[SSL_TKPIDX_MAX];
       apr_hash_t     *tPublicCert;
  
  
  
  1.26      +1 -0      httpd-2.0/modules/ssl/ssl_engine_config.c
  
  Index: ssl_engine_config.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- ssl_engine_config.c	28 Feb 2002 00:28:05 -0000	1.25
  +++ ssl_engine_config.c	28 Feb 2002 01:30:18 -0000	1.26
  @@ -101,6 +101,7 @@
           mc->szMutexFile            = NULL;
           mc->pMutex                 = NULL;
           mc->aRandSeed              = apr_array_make(pPool, 4, sizeof(ssl_randseed_t));
  +        mc->tVHostKeys             = apr_hash_make(pPool);
           mc->tPrivateKey            = apr_hash_make(pPool);
           mc->tPublicCert            = apr_hash_make(pPool);
           mc->tTmpKeys               = apr_hash_make(pPool);
  
  
  
  1.18      +36 -2     httpd-2.0/modules/ssl/ssl_engine_pphrase.c
  
  Index: ssl_engine_pphrase.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_pphrase.c,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- ssl_engine_pphrase.c	28 Feb 2002 00:28:05 -0000	1.17
  +++ ssl_engine_pphrase.c	28 Feb 2002 01:30:18 -0000	1.18
  @@ -90,6 +90,40 @@
       return APR_SUCCESS;
   }
   
  +/*
  + * reuse vhost keys for asn1 tables where keys are allocated out
  + * of s->process->pool to prevent "leaking" each time we format
  + * a vhost key.  since the key is stored in a table with lifetime
  + * of s->process->pool, the key needs to have the same lifetime.
  + *
  + * XXX: probably seems silly to use a hash table with keys and values
  + * being the same, but it is easier than doing a linear search
  + * and will make it easier to remove keys if needed in the future.
  + * also have the problem with apr_array_header_t that if we
  + * underestimate the number of vhost keys when we apr_array_make(),
  + * the array will get resized when we push past the initial number
  + * of elts.  this resizing in the s->process->pool means "leaking"
  + * since apr_array_push() will apr_alloc arr->nalloc * 2 elts,
  + * leaving the original arr->elts to waste.
  + */
  +static char *asn1_table_vhost_key(SSLModConfigRec *mc, apr_pool_t *p,
  +                                  char *id, char *an)
  +{
  +    /* 'p' pool used here is cleared on restarts */
  +    char *key = apr_psprintf(p, "%s:%s", id, an);
  +    void *keyptr = apr_hash_get(mc->tVHostKeys, key,
  +                                APR_HASH_KEY_STRING);
  +
  +    if (!keyptr) {
  +        /* make a copy out of s->process->pool */
  +        keyptr = apr_pstrdup(mc->pPool, key);
  +        apr_hash_set(mc->tVHostKeys, keyptr,
  +                     APR_HASH_KEY_STRING, keyptr);
  +    }
  +
  +    return (char *)keyptr;
  +}
  +
   /*  _________________________________________________________________
   **
   **  Pass Phrase and Private Key Handling
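Review bot: In asn1_table_vhost_key, `id` and `an` are only read by apr_psprintf, so the signature should take `const char *id, const char *an`, and the `(char *)` cast on the return is unnecessary in C because `keyptr` is `void *`. The header comment explains why the key is interned but not the contract a caller relies on; I would add a line such as `/* returns a string owned by mc->pPool that is also the hash key; callers must not modify it */`. Entries in tVHostKeys are never removed, so a vhost id that disappears from the configuration across restarts stays allocated in the process pool. The XXX comment hints at this, and it is worth stating as a known limit so the table is not assumed to track the live configuration.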
  @@ -199,7 +233,7 @@
                * certificate is actually used to configure mod_ssl's per-server
                * configuration structures).
                */
  -            cp = apr_psprintf(mc->pPool, "%s:%s", cpVHostID, an);
  +            cp = asn1_table_vhost_key(mc, p, cpVHostID, an);
               length = i2d_X509(pX509Cert, NULL);
               ucp = ssl_asn1_table_set(mc->tPublicCert, cp, length);
               (void)i2d_X509(pX509Cert, &ucp); /* 2nd arg increments */
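Review bot: The value of `length = i2d_X509(pX509Cert, NULL);` goes straight into ssl_asn1_table_set, and the second i2d_X509 call is cast to void, so an encoding failure is not detected on this path. The i2d functions report failure with a non-positive return, so a guard such as `if (length <= 0) { /* log and abort startup */ }` before the table call would keep a bad length away from the allocation. The same pattern appears with `i2d_PrivateKey` in the hunk at -426, where the buffer holds private key material. These are context lines and the enclosing function starts and ends outside the hunk, so how ssl_asn1_table_set treats a non-positive length is not visible here and should be confirmed.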
  @@ -426,7 +460,7 @@
                * because the SSL library uses static variables inside a
                * RSA structure which do not survive DSO reloads!)
                */
  -            cp = apr_psprintf(mc->pPool, "%s:%s", cpVHostID, an);
  +            cp = asn1_table_vhost_key(mc, p, cpVHostID, an);
               length = i2d_PrivateKey(pPrivateKey, NULL);
               ucp = ssl_asn1_table_set(mc->tPrivateKey, cp, length);
               (void)i2d_PrivateKey(pPrivateKey, &ucp); /* 2nd arg increments */