it is not required that temporary keys survive restarts, since they
authorDoug MacEachern <dougm@apache.org>
Tue, 12 Mar 2002 22:34:31 +0000 (22:34 +0000)
committerDoug MacEachern <dougm@apache.org>
Tue, 12 Mar 2002 22:34:31 +0000 (22:34 +0000)
are generated and destroyed on every restart.

so get rid of SSLModConfigRec.tTmpKeys table and mess that was
managing it.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93881 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/mod_ssl.h
modules/ssl/ssl_engine_config.c
modules/ssl/ssl_engine_init.c

index 818980a4e724bab3c725eab35be1e9becb0978a3..d0196028eb45e6ec4551c292a1477fe38f1a6171 100644 (file)
@@ -300,7 +300,6 @@ typedef int ssl_algo_t;
  */
 
 #define SSL_TKP_GEN        (0)
-#define SSL_TKP_ALLOC      (1)
 #define SSL_TKP_FREE       (2)
 
 #define SSL_TKPIDX_RSA512  (0)
@@ -517,7 +516,6 @@ typedef struct {
     apr_lock_t     *pMutex;
     apr_array_header_t   *aRandSeed;
     apr_hash_t     *tVHostKeys;
-    apr_hash_t     *tTmpKeys;
     void           *pTmpKeys[SSL_TKPIDX_MAX];
     apr_hash_t     *tPublicCert;
     apr_hash_t     *tPrivateKey;
index 3be8ff845f93493dcd3decf459335c6ea2bcac24..9f0a2eb2b8d935072fc358b4426502a3aa09f5c9 100644 (file)
@@ -107,7 +107,6 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s)
     mc->tVHostKeys             = apr_hash_make(pool);
     mc->tPrivateKey            = apr_hash_make(pool);
     mc->tPublicCert            = apr_hash_make(pool);
-    mc->tTmpKeys               = apr_hash_make(pool);
 #ifdef SSL_EXPERIMENTAL_ENGINE
     mc->szCryptoDevice         = NULL;
 #endif
index 9bc3077318af96d2ef07c249f2477572bf5e86cb..a3e5b07ef3427a1a38913137a2c772e282d134f2 100644 (file)
@@ -225,11 +225,6 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
      */
     ssl_rand_seed(base_server, p, SSL_RSCTX_STARTUP, "Init: ");
 
-    /*
-     *  allocate the temporary RSA keys and DH params
-     */
-    ssl_init_TmpKeysHandle(SSL_TKP_ALLOC, base_server, p);
-
     /*
      *  initialize servers
      */
@@ -323,11 +318,6 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p)
 void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p)
 {
     SSLModConfigRec *mc = myModConfig(s);
-    ssl_asn1_t *asn1;
-    unsigned char *ptr;
-    long int length;
-    RSA *rsa;
-    DH *dh;
 
     if (action == SSL_TKP_GEN) { /* Generate Keys and Params */
         /* seed PRNG */
@@ -337,120 +327,49 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p)
         ssl_log(s, SSL_LOG_INFO,
                 "Init: Generating temporary RSA private keys (512/1024 bits)");
 
-        if (!(rsa = RSA_generate_key(512, RSA_F4, NULL, NULL))) {
-            ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, 
+        /* generate 512 bit RSA key */
+        if (!(mc->pTmpKeys[SSL_TKPIDX_RSA512] = 
+              RSA_generate_key(512, RSA_F4, NULL, NULL)))
+        {
+            ssl_log(s, SSL_LOG_ERROR,
                     "Init: Failed to generate temporary "
                     "512 bit RSA private key");
             ssl_die();
         }
 
-        length = i2d_RSAPrivateKey(rsa, NULL);
-        ptr = ssl_asn1_table_set(mc->tTmpKeys, "RSA:512", length);
-        (void)i2d_RSAPrivateKey(rsa, &ptr); /* 2nd arg increments */
-        RSA_free(rsa);
-
         /* generate 1024 bit RSA key */
-        if (!(rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL))) {
-            ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, 
+        if (!(mc->pTmpKeys[SSL_TKPIDX_RSA1024] = 
+              RSA_generate_key(1024, RSA_F4, NULL, NULL)))
+        {
+            ssl_log(s, SSL_LOG_ERROR,
                     "Init: Failed to generate temporary "
                     "1024 bit RSA private key");
             ssl_die();
         }
 
-        length = i2d_RSAPrivateKey(rsa, NULL);
-        ptr = ssl_asn1_table_set(mc->tTmpKeys, "RSA:1024", length);
-        (void)i2d_RSAPrivateKey(rsa, &ptr); /* 2nd arg increments */
-        RSA_free(rsa);
-
         ssl_log(s, SSL_LOG_INFO,
-                "Init: Configuring temporary DH parameters (512/1024 bits)");
+                "Init: Configuring temporary "
+                "DH parameters (512/1024 bits)");
 
-        /* import 512 bit DH param */
-        if (!(dh = ssl_dh_GetTmpParam(512))) {
+        /* generate 512 bit DH param */
+        if (!(mc->pTmpKeys[SSL_TKPIDX_DH512] = 
+              ssl_dh_GetTmpParam(512)))
+        {
             ssl_log(s, SSL_LOG_ERROR,
-                    "Init: Failed to import temporary "
+                    "Init: Failed to generate temporary "
                     "512 bit DH parameters");
             ssl_die();
         }
 
-        length = i2d_DHparams(dh, NULL);
-        ptr = ssl_asn1_table_set(mc->tTmpKeys, "DH:512", length);
-        (void)i2d_DHparams(dh, &ptr); /* 2nd arg increments */
-        DH_free(dh);
-
-        /* import 1024 bit DH param */
-        if (!(dh = ssl_dh_GetTmpParam(1024))) {
+        /* generate 1024 bit DH param */
+        if (!(mc->pTmpKeys[SSL_TKPIDX_DH1024] = 
+              ssl_dh_GetTmpParam(1024)))
+        {
             ssl_log(s, SSL_LOG_ERROR,
-                    "Init: Failed to import temporary "
+                    "Init: Failed to generate temporary "
                     "1024 bit DH parameters");
             ssl_die();
         }
-
-        length = i2d_DHparams(dh, NULL);
-        ptr = ssl_asn1_table_set(mc->tTmpKeys, "DH:1024", length);
-        (void)i2d_DHparams(dh, &ptr); /* 2nd arg increments */
-        DH_free(dh);
-    }
-    else if (action == SSL_TKP_ALLOC) { /* Allocate Keys and Params */
-        ssl_log(s, SSL_LOG_INFO,
-                "Init: Configuring temporary "
-                "RSA private keys (512/1024 bits)");
-
-        /* allocate 512 bit RSA key */
-        if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "RSA:512"))) {
-            ptr = asn1->cpData;
-            if (!(mc->pTmpKeys[SSL_TKPIDX_RSA512] = 
-                  d2i_RSAPrivateKey(NULL, &ptr, asn1->nData)))
-            {
-                ssl_log(s, SSL_LOG_ERROR,
-                        "Init: Failed to load temporary "
-                        "512 bit RSA private key");
-                ssl_die();
-            }
-        }
-
-        /* allocate 1024 bit RSA key */
-        if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "RSA:1024"))) {
-            ptr = asn1->cpData;
-            if (!(mc->pTmpKeys[SSL_TKPIDX_RSA1024] = 
-                  d2i_RSAPrivateKey(NULL, &ptr, asn1->nData)))
-            {
-                ssl_log(s, SSL_LOG_ERROR,
-                        "Init: Failed to load temporary "
-                        "1024 bit RSA private key");
-                ssl_die();
-            }
-        }
-
-        ssl_log(s, SSL_LOG_INFO,
-                "Init: Configuring temporary "
-                "DH parameters (512/1024 bits)");
-
-        /* allocate 512 bit DH param */
-        if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "DH:512"))) {
-            ptr = asn1->cpData;
-            if (!(mc->pTmpKeys[SSL_TKPIDX_DH512] = 
-                  d2i_DHparams(NULL, &ptr, asn1->nData)))
-            {
-                ssl_log(s, SSL_LOG_ERROR,
-                        "Init: Failed to load temporary "
-                        "512 bit DH parameters");
-                ssl_die();
-            }
-        }
-
-        /* allocate 1024 bit DH param */
-        if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "DH:1024"))) {
-            ptr = asn1->cpData;
-            if (!(mc->pTmpKeys[SSL_TKPIDX_DH1024] = 
-                  d2i_DHparams(NULL, &ptr, asn1->nData)))
-            {
-                ssl_log(s, SSL_LOG_ERROR,
-                        "Init: Failed to load temporary "
-                        "1024 bit DH parameters");
-                ssl_die();
-            }
-        }
     }
     else if (action == SSL_TKP_FREE) { /* Free Keys and Params */
         MODSSL_TEMP_KEYS_FREE(mc, RSA);
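Review bot: Both RSA failure branches (512- and 1024-bit) now call `ssl_log(s, SSL_LOG_ERROR,` where the old code passed `SSL_LOG_ERROR|SSL_ADD_SSLERR`, so a failed RSA_generate_key() no longer carries the OpenSSL error detail into the log before ssl_die(). An operator diagnosing a key-generation failure (for example an unseeded PRNG) loses the only specific cause, so unless the drop was deliberate the flag should be restored on those two calls: `ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,`. The DH comments and messages were also changed from "import" to "generate" while the call is still ssl_dh_GetTmpParam(); if that helper returns pre-built parameters, as the old wording suggests, "Failed to import temporary" describes the failure more accurately. ssl_init_TmpKeysHandle begins in the previous hunk and continues past the end of this one.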