Posted to cvs@httpd.apache.org by do...@apache.org on 2002/03/12 23:34:32 UTC

cvs commit: httpd-2.0/modules/ssl mod_ssl.h ssl_engine_config.c ssl_engine_init.c

dougm       02/03/12 14:34:32

  Modified:    modules/ssl mod_ssl.h ssl_engine_config.c ssl_engine_init.c
  Log:
  it is not required that temporary keys survive restarts, since they
  are generated and destroyed on every restart.
  
  so get rid of SSLModConfigRec.tTmpKeys table and mess that was
  managing it.
  
  Revision  Changes    Path
  1.72      +0 -2      httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.71
  retrieving revision 1.72
  diff -u -r1.71 -r1.72
  --- mod_ssl.h	12 Mar 2002 22:11:51 -0000	1.71
  +++ mod_ssl.h	12 Mar 2002 22:34:31 -0000	1.72
  @@ -300,7 +300,6 @@
    */
   
   #define SSL_TKP_GEN        (0)
  -#define SSL_TKP_ALLOC      (1)
   #define SSL_TKP_FREE       (2)
   
   #define SSL_TKPIDX_RSA512  (0)
  @@ -517,7 +516,6 @@
       apr_lock_t     *pMutex;
       apr_array_header_t   *aRandSeed;
       apr_hash_t     *tVHostKeys;
  -    apr_hash_t     *tTmpKeys;
       void           *pTmpKeys[SSL_TKPIDX_MAX];
       apr_hash_t     *tPublicCert;
       apr_hash_t     *tPrivateKey;
  
  
  
  1.34      +0 -1      httpd-2.0/modules/ssl/ssl_engine_config.c
  
  Index: ssl_engine_config.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v
  retrieving revision 1.33
  retrieving revision 1.34
  diff -u -r1.33 -r1.34
  --- ssl_engine_config.c	12 Mar 2002 21:12:49 -0000	1.33
  +++ ssl_engine_config.c	12 Mar 2002 22:34:31 -0000	1.34
  @@ -107,7 +107,6 @@
       mc->tVHostKeys             = apr_hash_make(pool);
       mc->tPrivateKey            = apr_hash_make(pool);
       mc->tPublicCert            = apr_hash_make(pool);
  -    mc->tTmpKeys               = apr_hash_make(pool);
   #ifdef SSL_EXPERIMENTAL_ENGINE
       mc->szCryptoDevice         = NULL;
   #endif
  
  
  
  1.49      +21 -102   httpd-2.0/modules/ssl/ssl_engine_init.c
  
  Index: ssl_engine_init.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
  retrieving revision 1.48
  retrieving revision 1.49
  diff -u -r1.48 -r1.49
  --- ssl_engine_init.c	12 Mar 2002 22:08:23 -0000	1.48
  +++ ssl_engine_init.c	12 Mar 2002 22:34:31 -0000	1.49
  @@ -226,11 +226,6 @@
       ssl_rand_seed(base_server, p, SSL_RSCTX_STARTUP, "Init: ");
   
       /*
  -     *  allocate the temporary RSA keys and DH params
  -     */
  -    ssl_init_TmpKeysHandle(SSL_TKP_ALLOC, base_server, p);
  -
  -    /*
        *  initialize servers
        */
       ssl_log(base_server, SSL_LOG_INFO,
  @@ -323,11 +318,6 @@
   void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p)
   {
       SSLModConfigRec *mc = myModConfig(s);
  -    ssl_asn1_t *asn1;
  -    unsigned char *ptr;
  -    long int length;
  -    RSA *rsa;
  -    DH *dh;
   
       if (action == SSL_TKP_GEN) { /* Generate Keys and Params */
           /* seed PRNG */
  @@ -337,119 +327,48 @@
           ssl_log(s, SSL_LOG_INFO,
                   "Init: Generating temporary RSA private keys (512/1024 bits)");
   
  -        if (!(rsa = RSA_generate_key(512, RSA_F4, NULL, NULL))) {
  -            ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, 
  +        /* generate 512 bit RSA key */
  +        if (!(mc->pTmpKeys[SSL_TKPIDX_RSA512] = 
  +              RSA_generate_key(512, RSA_F4, NULL, NULL)))
  +        {
  +            ssl_log(s, SSL_LOG_ERROR,
                       "Init: Failed to generate temporary "
                       "512 bit RSA private key");
               ssl_die();
           }
   
  -        length = i2d_RSAPrivateKey(rsa, NULL);
  -        ptr = ssl_asn1_table_set(mc->tTmpKeys, "RSA:512", length);
  -        (void)i2d_RSAPrivateKey(rsa, &ptr); /* 2nd arg increments */
  -        RSA_free(rsa);
  -
           /* generate 1024 bit RSA key */
  -        if (!(rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL))) {
  -            ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, 
  +        if (!(mc->pTmpKeys[SSL_TKPIDX_RSA1024] = 
  +              RSA_generate_key(1024, RSA_F4, NULL, NULL)))
  +        {
  +            ssl_log(s, SSL_LOG_ERROR,
                       "Init: Failed to generate temporary "
                       "1024 bit RSA private key");
               ssl_die();
           }
   
  -        length = i2d_RSAPrivateKey(rsa, NULL);
  -        ptr = ssl_asn1_table_set(mc->tTmpKeys, "RSA:1024", length);
  -        (void)i2d_RSAPrivateKey(rsa, &ptr); /* 2nd arg increments */
  -        RSA_free(rsa);
  -
           ssl_log(s, SSL_LOG_INFO,
  -                "Init: Configuring temporary DH parameters (512/1024 bits)");
  +                "Init: Configuring temporary "
  +                "DH parameters (512/1024 bits)");
   
  -        /* import 512 bit DH param */
  -        if (!(dh = ssl_dh_GetTmpParam(512))) {
  +        /* generate 512 bit DH param */
  +        if (!(mc->pTmpKeys[SSL_TKPIDX_DH512] = 
  +              ssl_dh_GetTmpParam(512)))
  +        {
               ssl_log(s, SSL_LOG_ERROR,
  -                    "Init: Failed to import temporary "
  +                    "Init: Failed to generate temporary "
                       "512 bit DH parameters");
               ssl_die();
           }
   
  -        length = i2d_DHparams(dh, NULL);
  -        ptr = ssl_asn1_table_set(mc->tTmpKeys, "DH:512", length);
  -        (void)i2d_DHparams(dh, &ptr); /* 2nd arg increments */
  -        DH_free(dh);
  -
  -        /* import 1024 bit DH param */
  -        if (!(dh = ssl_dh_GetTmpParam(1024))) {
  +        /* generate 1024 bit DH param */
  +        if (!(mc->pTmpKeys[SSL_TKPIDX_DH1024] = 
  +              ssl_dh_GetTmpParam(1024)))
  +        {
               ssl_log(s, SSL_LOG_ERROR,
  -                    "Init: Failed to import temporary "
  +                    "Init: Failed to generate temporary "
                       "1024 bit DH parameters");
               ssl_die();
  -        }
  -
  -        length = i2d_DHparams(dh, NULL);
  -        ptr = ssl_asn1_table_set(mc->tTmpKeys, "DH:1024", length);
  -        (void)i2d_DHparams(dh, &ptr); /* 2nd arg increments */
  -        DH_free(dh);
  -    }
  -    else if (action == SSL_TKP_ALLOC) { /* Allocate Keys and Params */
  -        ssl_log(s, SSL_LOG_INFO,
  -                "Init: Configuring temporary "
  -                "RSA private keys (512/1024 bits)");
  -
  -        /* allocate 512 bit RSA key */
  -        if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "RSA:512"))) {
  -            ptr = asn1->cpData;
  -            if (!(mc->pTmpKeys[SSL_TKPIDX_RSA512] = 
  -                  d2i_RSAPrivateKey(NULL, &ptr, asn1->nData)))
  -            {
  -                ssl_log(s, SSL_LOG_ERROR,
  -                        "Init: Failed to load temporary "
  -                        "512 bit RSA private key");
  -                ssl_die();
  -            }
  -        }
  -
  -        /* allocate 1024 bit RSA key */
  -        if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "RSA:1024"))) {
  -            ptr = asn1->cpData;
  -            if (!(mc->pTmpKeys[SSL_TKPIDX_RSA1024] = 
  -                  d2i_RSAPrivateKey(NULL, &ptr, asn1->nData)))
  -            {
  -                ssl_log(s, SSL_LOG_ERROR,
  -                        "Init: Failed to load temporary "
  -                        "1024 bit RSA private key");
  -                ssl_die();
  -            }
  -        }
  -
  -        ssl_log(s, SSL_LOG_INFO,
  -                "Init: Configuring temporary "
  -                "DH parameters (512/1024 bits)");
  -
  -        /* allocate 512 bit DH param */
  -        if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "DH:512"))) {
  -            ptr = asn1->cpData;
  -            if (!(mc->pTmpKeys[SSL_TKPIDX_DH512] = 
  -                  d2i_DHparams(NULL, &ptr, asn1->nData)))
  -            {
  -                ssl_log(s, SSL_LOG_ERROR,
  -                        "Init: Failed to load temporary "
  -                        "512 bit DH parameters");
  -                ssl_die();
  -            }
  -        }
  -
  -        /* allocate 1024 bit DH param */
  -        if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "DH:1024"))) {
  -            ptr = asn1->cpData;
  -            if (!(mc->pTmpKeys[SSL_TKPIDX_DH1024] = 
  -                  d2i_DHparams(NULL, &ptr, asn1->nData)))
  -            {
  -                ssl_log(s, SSL_LOG_ERROR,
  -                        "Init: Failed to load temporary "
  -                        "1024 bit DH parameters");
  -                ssl_die();
  -            }
           }
       }
       else if (action == SSL_TKP_FREE) { /* Free Keys and Params */
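Review bot: The two rewritten RSA failure branches log with `SSL_LOG_ERROR` alone, where the removed lines passed `SSL_LOG_ERROR|SSL_ADD_SSLERR`, so a failed `RSA_generate_key()` now reaches `ssl_die()` without the OpenSSL error detail that, judging by the flag name, `ssl_log` would have appended. Unless dropping it was deliberate, keep the flag in both places: `ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,`. The DH comments and messages now say "generate" where the old ones said "import"; if `ssl_dh_GetTmpParam()` returns built-in parameters, as the old wording suggests, "load" would be the more accurate word in the log. The GEN branch also assigns straight into `mc->pTmpKeys[]` without looking at the previous pointer, so it presumably relies on the `SSL_TKP_FREE` action having run first, and a short comment such as `/* pTmpKeys[] must have been released via SSL_TKP_FREE before regenerating */` would record that. `ssl_init_TmpKeysHandle` begins in the previous hunk and continues past the end of this one.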