Posted to cvs@httpd.apache.org by yl...@apache.org on 2018/06/13 09:54:16 UTC
svn commit: r1833452 - in /httpd/httpd/trunk: modules/filters/mod_crypto.c
modules/session/mod_session_crypto.c modules/ssl/mod_ssl.c server/core.c
Author: ylavic
Date: Wed Jun 13 09:54:16 2018
New Revision: 1833452
URL: http://svn.apache.org/viewvc?rev=1833452&view=rev
Log:
Follow up to r1833368: share openssl between modules.
libapr[-util], mod_ssl, mod_crypto and mod_session_crypto can all use the
same crypto library (e.g. openssl); use the new APR crypto loading API so
that they can work together and initialize/terminate the lib appropriately,
either once for all or on demand and reusable by the others.
Modified:
httpd/httpd/trunk/modules/filters/mod_crypto.c
httpd/httpd/trunk/modules/session/mod_session_crypto.c
httpd/httpd/trunk/modules/ssl/mod_ssl.c
httpd/httpd/trunk/server/core.c
Modified: httpd/httpd/trunk/modules/filters/mod_crypto.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_crypto.c?rev=1833452&r1=1833451&r2=1833452&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/filters/mod_crypto.c (original)
+++ httpd/httpd/trunk/modules/filters/mod_crypto.c Wed Jun 13 09:54:16 2018
@@ -1197,7 +1197,7 @@ crypto_init(apr_pool_t * p, apr_pool_t *
apr_status_t rv;
rv = apr_crypto_init(p);
- if (APR_SUCCESS != rv) {
+ if (APR_SUCCESS != rv && APR_EREINIT != rv) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
APLOGNO(03427) "APR crypto could not be initialised");
return rv;
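Review bot: The widened condition `APR_SUCCESS != rv && APR_EREINIT != rv` has no comment saying why APR_EREINIT counts as success, and the same undocumented test is added to session_crypto_init in mod_session_crypto.c. Going by the commit log, APR_EREINIT presumably means the core or another module has already initialised the shared crypto library. I would add `/* APR_EREINIT: crypto library already initialised elsewhere (core or another module), not an error */` above both checks. crypto_init's body starts and ends outside this hunk.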
Modified: httpd/httpd/trunk/modules/session/mod_session_crypto.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_crypto.c?rev=1833452&r1=1833451&r2=1833452&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/session/mod_session_crypto.c (original)
+++ httpd/httpd/trunk/modules/session/mod_session_crypto.c Wed Jun 13 09:54:16 2018
@@ -569,7 +569,7 @@ static int session_crypto_init(apr_pool_
apr_status_t rv;
rv = apr_crypto_init(p);
- if (APR_SUCCESS != rv) {
+ if (APR_SUCCESS != rv && APR_EREINIT != rv) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(01843)
"APR crypto could not be initialised");
return rv;
Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=1833452&r1=1833451&r2=1833452&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Wed Jun 13 09:54:16 2018
@@ -32,6 +32,16 @@
#include "ap_provider.h"
#include "http_config.h"
+#include "apr_crypto.h"
+#include "apr_version.h"
+#if APR_VERSION_AT_LEAST(2,0,0) && \
+ defined(APU_HAVE_CRYPTO) && APU_HAVE_CRYPTO && \
+ defined(APU_HAVE_OPENSSL) && APU_HAVE_OPENSSL
+#define USE_APR_CRYPTO_LIB_INIT 1
+#else
+#define USE_APR_CRYPTO_LIB_INIT 0
+#endif
+
#include "mod_proxy.h" /* for proxy_hook_section_post_config() */
#include <assert.h>
@@ -392,6 +402,10 @@ static int ssl_hook_pre_config(apr_pool_
apr_pool_t *plog,
apr_pool_t *ptemp)
{
+#if USE_APR_CRYPTO_LIB_INIT
+ apr_status_t rv;
+#endif
+
#if HAVE_VALGRIND
ssl_running_on_valgrind = RUNNING_ON_VALGRIND;
#endif
@@ -404,22 +418,50 @@ static int ssl_hook_pre_config(apr_pool_
ssl_util_thread_id_setup(pconf);
#endif
- /* We must register the library in full, to ensure our configuration
- * code can successfully test the SSL environment.
- */
+#if USE_APR_CRYPTO_LIB_INIT
+ /* When mod_ssl is builtin, no need to unload openssl on restart */
+ rv = apr_crypto_lib_init("openssl", NULL, NULL,
+ modssl_running_statically ? ap_pglobal : pconf);
+ if (rv == APR_SUCCESS || rv == APR_EREINIT) {
+ /* apr_crypto inits libcrypto only, so in any case init libssl here,
+ * each time if openssl is unloaded with pconf, but only once if
+ * mod_ssl is builtin.
+ */
+ if (!modssl_running_statically
+ || !ap_retained_data_get("ssl_hook_pre_config")) {
+ if (modssl_running_statically) {
+ ap_retained_data_create("ssl_hook_pre_config", 1);
+ }
+ SSL_load_error_strings();
+ SSL_library_init();
+ }
+ }
+ else
+#endif
+ {
+ /* We must register the library in full, to ensure our configuration
+ * code can successfully test the SSL environment.
+ */
#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER)
- (void)CRYPTO_malloc_init();
+ CRYPTO_malloc_init();
#else
- OPENSSL_malloc_init();
+ OPENSSL_malloc_init();
#endif
- ERR_load_crypto_strings();
- SSL_load_error_strings();
- SSL_library_init();
+ ERR_load_crypto_strings();
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
- ENGINE_load_builtin_engines();
+ ENGINE_load_builtin_engines();
#endif
- OpenSSL_add_all_algorithms();
- OPENSSL_load_builtin_modules();
+ OpenSSL_add_all_algorithms();
+ OPENSSL_load_builtin_modules();
+ SSL_load_error_strings();
+ SSL_library_init();
+
+ /*
+ * Let us cleanup the ssl library when the module is unloaded
+ */
+ apr_pool_cleanup_register(pconf, NULL, ssl_cleanup_pre_config,
+ apr_pool_cleanup_null);
+ }
if (OBJ_txt2nid("id-on-dnsSRV") == NID_undef) {
(void)OBJ_create("1.3.6.1.5.5.7.8.7", "id-on-dnsSRV",
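Review bot: When apr_crypto_lib_init() returns anything other than APR_SUCCESS or APR_EREINIT, the `else` branch silently falls back to initialising OpenSSL directly and rv is never logged. A genuine failure of the shared-library path is then invisible, and mod_ssl initialises and later cleans up a library that apr_crypto may also manage, which is the situation this commit sets out to avoid. I would log it at the top of the fallback block, guarded by `#if USE_APR_CRYPTO_LIB_INIT` because rv only exists there, e.g. `ap_log_perror(APLOG_MARK, APLOG_WARNING, rv, plog, "apr_crypto_lib_init(\"openssl\") failed, initialising OpenSSL directly");`. Separately, ssl_cleanup_pre_config is now registered only in the fallback branch and its body is not visible here, so please confirm that nothing it releases beyond libcrypto state is needed when libssl is re-initialised on each pconf cycle in the APR path. ssl_hook_pre_config continues outside this hunk.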
@@ -429,12 +471,6 @@ static int ssl_hook_pre_config(apr_pool_
/* Start w/o errors (e.g. OBJ_txt2nid() above) */
ERR_clear_error();
- /*
- * Let us cleanup the ssl library when the module is unloaded
- */
- apr_pool_cleanup_register(pconf, NULL, ssl_cleanup_pre_config,
- apr_pool_cleanup_null);
-
/* Register us to handle mod_log_config %c/%x variables */
ssl_var_log_config_register(pconf);
Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1833452&r1=1833451&r2=1833452&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Wed Jun 13 09:54:16 2018
@@ -22,7 +22,8 @@
#include "apr_thread_proc.h" /* for RLIMIT stuff */
#include "apr_crypto.h"
-#if defined(APU_HAVE_CRYPTO_PRNG) && APU_HAVE_CRYPTO_PRNG
+#if defined(APU_HAVE_CRYPTO) && APU_HAVE_CRYPTO && \
+ defined(APU_HAVE_CRYPTO_PRNG) && APU_HAVE_CRYPTO_PRNG
#define USE_APR_CRYPTO_PRNG 1
#else
#define USE_APR_CRYPTO_PRNG 0
@@ -5504,14 +5505,8 @@ AP_CORE_DECLARE(void) ap_init_rng(apr_po
apr_status_t rv;
#if USE_APR_CRYPTO_PRNG
- {
- int flags = 0;
-#if APR_HAS_THREADS
- flags = APR_CRYPTO_PRNG_PER_THREAD;
-#endif
- rv = apr_crypto_prng_init(p, 0, NULL, flags);
- }
-#else /* USE_APR_CRYPTO_PRNG */
+ rv = apr_crypto_init(p);
+#else
{
unsigned char seed[8];
rng = apr_random_standard_new(p);
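Review bot: The check on rv after `rv = apr_crypto_init(p);` lies outside this hunk, and unlike the two module call sites changed in this commit, nothing here shows APR_EREINIT being tolerated. If ap_init_rng can run when the library is already initialised, that check should accept it too, e.g. `if (rv != APR_SUCCESS && rv != APR_EREINIT)`. The explicit `apr_crypto_prng_init(p, 0, NULL, flags)` call with APR_CRYPTO_PRNG_PER_THREAD is gone, so PRNG setup, including whether it is per-thread, now depends on what apr_crypto_init does internally, which is not visible here. If that holds, a comment such as `/* apr_crypto_init() also sets up the APR crypto PRNG */` would make the dependency explicit.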