Posted to cvs@httpd.apache.org by do...@apache.org on 2002/03/12 23:50:38 UTC
cvs commit: httpd-2.0/modules/ssl mod_ssl.h ssl_engine_init.c
dougm 02/03/12 14:50:38
Modified: modules/ssl mod_ssl.h ssl_engine_init.c
Log:
split ssl_init_TmpKeysHandle function to init/free functions,
and make them static to ssl_engine_init.c
Revision Changes Path
1.73 +0 -4 httpd-2.0/modules/ssl/mod_ssl.h
Index: mod_ssl.h
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -r1.72 -r1.73
--- mod_ssl.h 12 Mar 2002 22:34:31 -0000 1.72
+++ mod_ssl.h 12 Mar 2002 22:50:38 -0000 1.73
@@ -299,9 +299,6 @@
* Define IDs for the temporary RSA keys and DH params
*/
-#define SSL_TKP_GEN (0)
-#define SSL_TKP_FREE (2)
-
#define SSL_TKPIDX_RSA512 (0)
#define SSL_TKPIDX_RSA1024 (1)
#define SSL_TKPIDX_DH512 (2)
@@ -645,7 +642,6 @@
/* module initialization */
int ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
void ssl_init_Engine(server_rec *, apr_pool_t *);
-void ssl_init_TmpKeysHandle(int, server_rec *, apr_pool_t *);
void ssl_init_ConfigureServer(server_rec *, apr_pool_t *, SSLSrvConfigRec *);
void ssl_init_CheckServers(server_rec *, apr_pool_t *);
STACK_OF(X509_NAME)
1.50 +80 -77 httpd-2.0/modules/ssl/ssl_engine_init.c
Index: ssl_engine_init.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- ssl_engine_init.c 12 Mar 2002 22:34:31 -0000 1.49
+++ ssl_engine_init.c 12 Mar 2002 22:50:38 -0000 1.50
@@ -120,6 +120,84 @@
}
/*
+ * Handle the Temporary RSA Keys and DH Params
+ */
+
+#define MODSSL_TMP_KEY_FREE(mc, type, idx) \
+ if (mc->pTmpKeys[idx]) { \
+ type##_free((type *)mc->pTmpKeys[idx]); \
+ mc->pTmpKeys[idx] = NULL; \
+ }
+
+#define MODSSL_TMP_KEYS_FREE(mc, type) \
+ MODSSL_TMP_KEY_FREE(mc, type, SSL_TKPIDX_##type##512); \
+ MODSSL_TMP_KEY_FREE(mc, type, SSL_TKPIDX_##type##1024)
+
+static void ssl_tmp_keys_free(server_rec *s)
+{
+ SSLModConfigRec *mc = myModConfig(s);
+
+ MODSSL_TMP_KEYS_FREE(mc, RSA);
+ MODSSL_TMP_KEYS_FREE(mc, DH);
+}
+
+static void ssl_tmp_keys_init(server_rec *s, apr_pool_t *p)
+{
+ SSLModConfigRec *mc = myModConfig(s);
+
+ /* seed PRNG */
+ ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
+
+ /* generate 512 bit RSA key */
+ ssl_log(s, SSL_LOG_INFO,
+ "Init: Generating temporary RSA private keys (512/1024 bits)");
+
+ /* generate 512 bit RSA key */
+ if (!(mc->pTmpKeys[SSL_TKPIDX_RSA512] =
+ RSA_generate_key(512, RSA_F4, NULL, NULL)))
+ {
+ ssl_log(s, SSL_LOG_ERROR,
+ "Init: Failed to generate temporary "
+ "512 bit RSA private key");
+ ssl_die();
+ }
+
+ /* generate 1024 bit RSA key */
+ if (!(mc->pTmpKeys[SSL_TKPIDX_RSA1024] =
+ RSA_generate_key(1024, RSA_F4, NULL, NULL)))
+ {
+ ssl_log(s, SSL_LOG_ERROR,
+ "Init: Failed to generate temporary "
+ "1024 bit RSA private key");
+ ssl_die();
+ }
+
+ ssl_log(s, SSL_LOG_INFO,
+ "Init: Configuring temporary "
+ "DH parameters (512/1024 bits)");
+
+ /* generate 512 bit DH param */
+ if (!(mc->pTmpKeys[SSL_TKPIDX_DH512] =
+ ssl_dh_GetTmpParam(512)))
+ {
+ ssl_log(s, SSL_LOG_ERROR,
+ "Init: Failed to generate temporary "
+ "512 bit DH parameters");
+ ssl_die();
+ }
+
+ /* generate 1024 bit DH param */
+ if (!(mc->pTmpKeys[SSL_TKPIDX_DH1024] =
+ ssl_dh_GetTmpParam(1024)))
+ {
+ ssl_log(s, SSL_LOG_ERROR,
+ "Init: Failed to generate temporary "
+ "1024 bit DH parameters");
+ ssl_die();
+ }
+}
+
+/*
* Per-module initialization
*/
int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
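Review bot: ssl_tmp_keys_init carries over the 512-bit temporary RSA key and 512-bit DH parameters unchanged (`RSA_generate_key(512, RSA_F4, NULL, NULL)`, `ssl_dh_GetTmpParam(512)`); these are export-grade sizes that are practical to break offline today, and 1024 bits is also below current recommendations. The new function deserves a comment saying the small slots exist only for legacy export ciphersuites (presumably; their consumers are outside this hunk). Separately, `MODSSL_TMP_KEY_FREE` expands to a bare `if` block and `MODSSL_TMP_KEYS_FREE` to two statements, so a use under an unbraced `if` or before an `else` would misbehave; wrapping each body in `do { ... } while (0)` and writing `(mc)->pTmpKeys[idx]` would make them statement-safe. The first `/* generate 512 bit RSA key */` comment sits above the ssl_log call and duplicates the one below it; `/* announce RSA key generation */` would fit better.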
@@ -188,7 +266,7 @@
#endif
ssl_pphrase_Handle(base_server, p);
- ssl_init_TmpKeysHandle(SSL_TKP_GEN, base_server, p);
+ ssl_tmp_keys_init(base_server, p);
/*
* SSL external crypto device ("engine") support
@@ -302,81 +380,6 @@
}
#endif
-#define MODSSL_TEMP_KEY_FREE(mc, type, idx) \
- if (mc->pTmpKeys[idx]) { \
- type##_free((type *)mc->pTmpKeys[idx]); \
- mc->pTmpKeys[idx] = NULL; \
- }
-
-#define MODSSL_TEMP_KEYS_FREE(mc, type) \
- MODSSL_TEMP_KEY_FREE(mc, type, SSL_TKPIDX_##type##512); \
- MODSSL_TEMP_KEY_FREE(mc, type, SSL_TKPIDX_##type##1024)
-
-/*
- * Handle the Temporary RSA Keys and DH Params
- */
-void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p)
-{
- SSLModConfigRec *mc = myModConfig(s);
-
- if (action == SSL_TKP_GEN) { /* Generate Keys and Params */
- /* seed PRNG */
- ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
-
- /* generate 512 bit RSA key */
- ssl_log(s, SSL_LOG_INFO,
- "Init: Generating temporary RSA private keys (512/1024 bits)");
-
- /* generate 512 bit RSA key */
- if (!(mc->pTmpKeys[SSL_TKPIDX_RSA512] =
- RSA_generate_key(512, RSA_F4, NULL, NULL)))
- {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to generate temporary "
- "512 bit RSA private key");
- ssl_die();
- }
-
- /* generate 1024 bit RSA key */
- if (!(mc->pTmpKeys[SSL_TKPIDX_RSA1024] =
- RSA_generate_key(1024, RSA_F4, NULL, NULL)))
- {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to generate temporary "
- "1024 bit RSA private key");
- ssl_die();
- }
-
- ssl_log(s, SSL_LOG_INFO,
- "Init: Configuring temporary "
- "DH parameters (512/1024 bits)");
-
- /* generate 512 bit DH param */
- if (!(mc->pTmpKeys[SSL_TKPIDX_DH512] =
- ssl_dh_GetTmpParam(512)))
- {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to generate temporary "
- "512 bit DH parameters");
- ssl_die();
- }
-
- /* generate 1024 bit DH param */
- if (!(mc->pTmpKeys[SSL_TKPIDX_DH1024] =
- ssl_dh_GetTmpParam(1024)))
- {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to generate temporary "
- "1024 bit DH parameters");
- ssl_die();
- }
- }
- else if (action == SSL_TKP_FREE) { /* Free Keys and Params */
- MODSSL_TEMP_KEYS_FREE(mc, RSA);
- MODSSL_TEMP_KEYS_FREE(mc, DH);
- }
-}
-
/*
* Configure a particular server
*/
@@ -1067,7 +1070,7 @@
/*
* Destroy the temporary keys and params
*/
- ssl_init_TmpKeysHandle(SSL_TKP_FREE, base_server, NULL);
+ ssl_tmp_keys_free(base_server);
/*
* Free the non-pool allocated structures