Posted to cvs@httpd.apache.org by yl...@apache.org on 2018/06/13 09:54:16 UTC

svn commit: r1833452 - in /httpd/httpd/trunk: modules/filters/mod_crypto.c modules/session/mod_session_crypto.c modules/ssl/mod_ssl.c server/core.c

Author: ylavic
Date: Wed Jun 13 09:54:16 2018
New Revision: 1833452

URL: http://svn.apache.org/viewvc?rev=1833452&view=rev
Log:
Follow up to r1833368: share openssl between modules.

libapr[-util], mod_ssl, mod_crypto and mod_session_crypto can all use the
same crypto library (e.g. openssl); use the new APR crypto loading API so
that they can work together and initialize/terminate the lib appropriately,
either once for all or on demand and reusable by the others.


Modified:
    httpd/httpd/trunk/modules/filters/mod_crypto.c
    httpd/httpd/trunk/modules/session/mod_session_crypto.c
    httpd/httpd/trunk/modules/ssl/mod_ssl.c
    httpd/httpd/trunk/server/core.c

Modified: httpd/httpd/trunk/modules/filters/mod_crypto.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_crypto.c?rev=1833452&r1=1833451&r2=1833452&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/filters/mod_crypto.c (original)
+++ httpd/httpd/trunk/modules/filters/mod_crypto.c Wed Jun 13 09:54:16 2018
@@ -1197,7 +1197,7 @@ crypto_init(apr_pool_t * p, apr_pool_t *
             apr_status_t rv;
 
             rv = apr_crypto_init(p);
-            if (APR_SUCCESS != rv) {
+            if (APR_SUCCESS != rv && APR_EREINIT != rv) {
                 ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                              APLOGNO(03427) "APR crypto could not be initialised");
                 return rv;
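Review bot: `APR_EREINIT` is used unguarded in the new condition here, and again in the identical change to session_crypto_init() in mod_session_crypto.c, while the mod_ssl.c part of this commit only takes the new APR path behind `APR_VERSION_AT_LEAST(2,0,0)`. If that constant is only defined by APR versions that carry the new loading API (not visible from this page), these two modules would stop compiling against older APR; a version guard like the one mod_ssl.c uses, or a local fallback define, would keep them buildable. A comment such as `/* APR_EREINIT: library already initialised by another module, not an error */` above the test would also stop the tolerated status from being mistaken for a swallowed failure later. The enclosing function starts and ends outside the hunk.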

Modified: httpd/httpd/trunk/modules/session/mod_session_crypto.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_crypto.c?rev=1833452&r1=1833451&r2=1833452&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/session/mod_session_crypto.c (original)
+++ httpd/httpd/trunk/modules/session/mod_session_crypto.c Wed Jun 13 09:54:16 2018
@@ -569,7 +569,7 @@ static int session_crypto_init(apr_pool_
         apr_status_t rv;
 
         rv = apr_crypto_init(p);
-        if (APR_SUCCESS != rv) {
+        if (APR_SUCCESS != rv && APR_EREINIT != rv) {
             ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(01843)
                     "APR crypto could not be initialised");
             return rv;

Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=1833452&r1=1833451&r2=1833452&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Wed Jun 13 09:54:16 2018
@@ -32,6 +32,16 @@
 #include "ap_provider.h"
 #include "http_config.h"
 
+#include "apr_crypto.h"
+#include "apr_version.h"
+#if APR_VERSION_AT_LEAST(2,0,0) && \
+    defined(APU_HAVE_CRYPTO) && APU_HAVE_CRYPTO && \
+    defined(APU_HAVE_OPENSSL) && APU_HAVE_OPENSSL
+#define USE_APR_CRYPTO_LIB_INIT 1
+#else
+#define USE_APR_CRYPTO_LIB_INIT 0
+#endif
+
 #include "mod_proxy.h" /* for proxy_hook_section_post_config() */
 
 #include <assert.h>
@@ -392,6 +402,10 @@ static int ssl_hook_pre_config(apr_pool_
                                apr_pool_t *plog,
                                apr_pool_t *ptemp)
 {
+#if USE_APR_CRYPTO_LIB_INIT
+    apr_status_t rv;
+#endif
+
 #if HAVE_VALGRIND
     ssl_running_on_valgrind = RUNNING_ON_VALGRIND;
 #endif
@@ -404,22 +418,50 @@ static int ssl_hook_pre_config(apr_pool_
     ssl_util_thread_id_setup(pconf);
 #endif
 
-    /* We must register the library in full, to ensure our configuration
-     * code can successfully test the SSL environment.
-     */
+#if USE_APR_CRYPTO_LIB_INIT
+    /* When mod_ssl is builtin, no need to unload openssl on restart */
+    rv = apr_crypto_lib_init("openssl", NULL, NULL,
+                             modssl_running_statically ? ap_pglobal : pconf);
+    if (rv == APR_SUCCESS || rv == APR_EREINIT) {
+        /* apr_crypto inits libcrypto only, so in any case init libssl here,
+         * each time if openssl is unloaded with pconf, but only once if
+         * mod_ssl is builtin.
+         */
+        if (!modssl_running_statically
+                || !ap_retained_data_get("ssl_hook_pre_config")) {
+            if (modssl_running_statically) {
+                ap_retained_data_create("ssl_hook_pre_config", 1);
+            }
+            SSL_load_error_strings();
+            SSL_library_init();
+        }
+    }
+    else
+#endif
+    {
+        /* We must register the library in full, to ensure our configuration
+         * code can successfully test the SSL environment.
+         */
 #if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER)
-    (void)CRYPTO_malloc_init();
+        CRYPTO_malloc_init();
 #else
-    OPENSSL_malloc_init();
+        OPENSSL_malloc_init();
 #endif
-    ERR_load_crypto_strings();
-    SSL_load_error_strings();
-    SSL_library_init();
+        ERR_load_crypto_strings();
 #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
-    ENGINE_load_builtin_engines();
+        ENGINE_load_builtin_engines();
 #endif
-    OpenSSL_add_all_algorithms();
-    OPENSSL_load_builtin_modules();
+        OpenSSL_add_all_algorithms();
+        OPENSSL_load_builtin_modules();
+        SSL_load_error_strings();
+        SSL_library_init();
+
+        /*
+         * Let us cleanup the ssl library when the module is unloaded
+         */
+        apr_pool_cleanup_register(pconf, NULL, ssl_cleanup_pre_config,
+                                               apr_pool_cleanup_null);
+    }
 
     if (OBJ_txt2nid("id-on-dnsSRV") == NID_undef) {
         (void)OBJ_create("1.3.6.1.5.5.7.8.7", "id-on-dnsSRV",
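Review bot: When `apr_crypto_lib_init()` returns anything other than `APR_SUCCESS` or `APR_EREINIT`, the bare `else` falls through to the legacy OpenSSL initialisation and `rv` is dropped without a log line, so an operator cannot tell that mod_ssl is no longer sharing the library lifecycle with the apr_crypto users. Logging it at the top of the fallback block, under `#if USE_APR_CRYPTO_LIB_INIT`, would make that visible: `ap_log_perror(APLOG_MARK, APLOG_WARNING, rv, plog, APLOGNO() "apr_crypto_lib_init(openssl) failed, initialising OpenSSL directly");`. `ssl_cleanup_pre_config` is now registered only in the fallback branch, so on the APR path any libssl-specific teardown presumably depends on apr_crypto unloading the library with the pool; a comment stating that assumption next to the `SSL_library_init()` call would help the next reader. ssl_hook_pre_config starts and ends outside this hunk.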
@@ -429,12 +471,6 @@ static int ssl_hook_pre_config(apr_pool_
     /* Start w/o errors (e.g. OBJ_txt2nid() above) */
     ERR_clear_error();
 
-    /*
-     * Let us cleanup the ssl library when the module is unloaded
-     */
-    apr_pool_cleanup_register(pconf, NULL, ssl_cleanup_pre_config,
-                                           apr_pool_cleanup_null);
-
     /* Register us to handle mod_log_config %c/%x variables */
     ssl_var_log_config_register(pconf);
 

Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1833452&r1=1833451&r2=1833452&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Wed Jun 13 09:54:16 2018
@@ -22,7 +22,8 @@
 #include "apr_thread_proc.h"    /* for RLIMIT stuff */
 
 #include "apr_crypto.h"
-#if defined(APU_HAVE_CRYPTO_PRNG) && APU_HAVE_CRYPTO_PRNG
+#if defined(APU_HAVE_CRYPTO) && APU_HAVE_CRYPTO && \
+    defined(APU_HAVE_CRYPTO_PRNG) && APU_HAVE_CRYPTO_PRNG
 #define USE_APR_CRYPTO_PRNG 1
 #else
 #define USE_APR_CRYPTO_PRNG 0
@@ -5504,14 +5505,8 @@ AP_CORE_DECLARE(void) ap_init_rng(apr_po
     apr_status_t rv;
 
 #if USE_APR_CRYPTO_PRNG
-    {
-        int flags = 0;
-#if APR_HAS_THREADS
-        flags = APR_CRYPTO_PRNG_PER_THREAD;
-#endif
-        rv = apr_crypto_prng_init(p, 0, NULL, flags);
-    }
-#else /* USE_APR_CRYPTO_PRNG */
+    rv = apr_crypto_init(p);
+#else
     {
         unsigned char seed[8];
         rng = apr_random_standard_new(p);
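Review bot: The new `rv = apr_crypto_init(p);` gives no hint of why a generic crypto init is enough to seed the RNG, and the explicit `APR_CRYPTO_PRNG_PER_THREAD` request is gone, so the per-thread behaviour now depends entirely on what apr_crypto_init() chooses. A comment such as `/* apr_crypto_init() is expected to set up the APR crypto PRNG (per-thread where available); no separate apr_crypto_prng_init() call is needed */` would record that dependency, once confirmed against the APR version in use. Elsewhere in this commit `APR_EREINIT` from the same call is treated as success; the `rv` check for ap_init_rng lies after this hunk, so it is worth confirming that it accepts that status too, otherwise startup could abort on an already-initialised library. The function body continues outside the hunk.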