return;
}
+/*
+ * certain key and cert data needs to survive restarts,
+ * which are stored in the user data table of s->process->pool.
+ * to prevent "leaking" of this data, we use malloc/free
+ * rather than apr_palloc and these wrappers to help make sure
+ * we do not leak the malloc-ed data.
+ */
+unsigned char *ssl_asn1_table_set(apr_hash_t *table,
+ const void *key,
+ long int length)
+{
+ apr_ssize_t klen = strlen(key);
+ ssl_asn1_t *asn1 = apr_hash_get(table, key, klen);
+
+ /*
+ * if a value for this key already exists,
+ * reuse as much of the already malloc-ed data
+ * as possible.
+ */
+ if (asn1 && (asn1->nData != length)) {
+ free(asn1->cpData); /* XXX: realloc? */
+ asn1->cpData = NULL;
+ }
+ else {
+ asn1 = malloc(sizeof(*asn1));
+ asn1->cpData = NULL;
+ }
+
+ asn1->nData = length;
+ if (!asn1->cpData) {
+ asn1->cpData = malloc(length);
+ }
+
+ apr_hash_set(table, key, klen, asn1);
+
+ return asn1->cpData; /* caller will assign a value to this */
+}
+
+void ssl_asn1_table_unset(apr_hash_t *table,
+ const void *key)
+{
+ apr_ssize_t klen = strlen(key);
+ ssl_asn1_t *asn1 = apr_hash_get(table, key, klen);
+
+ if (!asn1) {
+ return;
+ }
+
+ if (asn1->cpData) {
+ free(asn1->cpData);
+ }
+ free(asn1);
+
+ apr_hash_set(table, key, klen, NULL);
+}
SSLModConfigRec *mc = myModConfig(s);
ssl_asn1_t *asn1;
unsigned char *ucp;
+ long int length;
RSA *rsa;
DH *dh;
"Init: Failed to generate temporary 512 bit RSA private key");
ssl_die();
}
- asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "RSA:512");
- asn1->nData = i2d_RSAPrivateKey(rsa, NULL);
- asn1->cpData = apr_palloc(mc->pPool, asn1->nData);
- ucp = asn1->cpData; i2d_RSAPrivateKey(rsa, &ucp); /* 2nd arg increments */
+
+ length = i2d_RSAPrivateKey(rsa, NULL);
+ ucp = ssl_asn1_table_set(mc->tTmpKeys, "RSA:512", length);
+ (void)i2d_RSAPrivateKey(rsa, &ucp); /* 2nd arg increments */
RSA_free(rsa);
/* generate 1024 bit RSA key */
"Init: Failed to generate temporary 1024 bit RSA private key");
ssl_die();
}
- asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "RSA:1024");
- asn1->nData = i2d_RSAPrivateKey(rsa, NULL);
- asn1->cpData = apr_palloc(mc->pPool, asn1->nData);
- ucp = asn1->cpData; i2d_RSAPrivateKey(rsa, &ucp); /* 2nd arg increments */
+
+ length = i2d_RSAPrivateKey(rsa, NULL);
+ ucp = ssl_asn1_table_set(mc->tTmpKeys, "RSA:1024", length);
+ (void)i2d_RSAPrivateKey(rsa, &ucp); /* 2nd arg increments */
RSA_free(rsa);
ssl_log(s, SSL_LOG_INFO, "Init: Configuring temporary DH parameters (512/1024 bits)");
ssl_log(s, SSL_LOG_ERROR, "Init: Failed to import temporary 512 bit DH parameters");
ssl_die();
}
- asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "DH:512");
- asn1->nData = i2d_DHparams(dh, NULL);
- asn1->cpData = apr_palloc(mc->pPool, asn1->nData);
- ucp = asn1->cpData; i2d_DHparams(dh, &ucp); /* 2nd arg increments */
+
+ length = i2d_DHparams(dh, NULL);
+ ucp = ssl_asn1_table_set(mc->tTmpKeys, "DH:512", length);
+ (void)i2d_DHparams(dh, &ucp); /* 2nd arg increments */
/* no need to free dh, it's static */
/* import 1024 bit DH param */
ssl_log(s, SSL_LOG_ERROR, "Init: Failed to import temporary 1024 bit DH parameters");
ssl_die();
}
- asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "DH:1024");
- asn1->nData = i2d_DHparams(dh, NULL);
- asn1->cpData = apr_palloc(mc->pPool, asn1->nData);
- ucp = asn1->cpData; i2d_DHparams(dh, &ucp); /* 2nd arg increments */
+
+ length = i2d_DHparams(dh, NULL);
+ ucp = ssl_asn1_table_set(mc->tTmpKeys, "DH:1024", length);
+ (void)i2d_DHparams(dh, &ucp); /* 2nd arg increments */
/* no need to free dh, it's static */
}
ssl_log(s, SSL_LOG_INFO, "Init: Configuring temporary RSA private keys (512/1024 bits)");
/* allocate 512 bit RSA key */
- if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tTmpKeys, "RSA:512")) != NULL) {
+ if ((asn1 = (ssl_asn1_t *)apr_hash_get(mc->tTmpKeys, "RSA:512", APR_HASH_KEY_STRING)) != NULL) {
ucp = asn1->cpData;
if ((mc->pTmpKeys[SSL_TKPIDX_RSA512] =
(void *)d2i_RSAPrivateKey(NULL, SSL_UCP_CAST(&ucp), asn1->nData)) == NULL) {
}
/* allocate 1024 bit RSA key */
- if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tTmpKeys, "RSA:1024")) != NULL) {
+ if ((asn1 = (ssl_asn1_t *)apr_hash_get(mc->tTmpKeys, "RSA:1024", APR_HASH_KEY_STRING)) != NULL) {
ucp = asn1->cpData;
if ((mc->pTmpKeys[SSL_TKPIDX_RSA1024] =
(void *)d2i_RSAPrivateKey(NULL, SSL_UCP_CAST(&ucp), asn1->nData)) == NULL) {
ssl_log(s, SSL_LOG_INFO, "Init: Configuring temporary DH parameters (512/1024 bits)");
/* allocate 512 bit DH param */
- if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tTmpKeys, "DH:512")) != NULL) {
+ if ((asn1 = (ssl_asn1_t *)apr_hash_get(mc->tTmpKeys, "DH:512", APR_HASH_KEY_STRING)) != NULL) {
ucp = asn1->cpData;
if ((mc->pTmpKeys[SSL_TKPIDX_DH512] =
(void *)d2i_DHparams(NULL, SSL_UCP_CAST(&ucp), asn1->nData)) == NULL) {
}
/* allocate 1024 bit DH param */
- if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tTmpKeys, "DH:1024")) != NULL) {
+ if ((asn1 = (ssl_asn1_t *)apr_hash_get(mc->tTmpKeys, "DH:512", APR_HASH_KEY_STRING)) != NULL) {
ucp = asn1->cpData;
if ((mc->pTmpKeys[SSL_TKPIDX_DH1024] =
(void *)d2i_DHparams(NULL, SSL_UCP_CAST(&ucp), asn1->nData)) == NULL) {