From: Doug MacEachern Date: Tue, 12 Mar 2002 22:34:31 +0000 (+0000) Subject: it is not required that temporary keys survive restarts, since they X-Git-Tag: CHANGES~100 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=15d581b6fe6effb8db31311ae735e6f5666e6237;p=apache it is not required that temporary keys survive restarts, since they are generated and destroyed on every restart. so get rid of SSLModConfigRec.tTmpKeys table and mess that was managing it. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93881 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h index 818980a4e7..d0196028eb 100644 --- a/modules/ssl/mod_ssl.h +++ b/modules/ssl/mod_ssl.h @@ -300,7 +300,6 @@ typedef int ssl_algo_t; */ #define SSL_TKP_GEN (0) -#define SSL_TKP_ALLOC (1) #define SSL_TKP_FREE (2) #define SSL_TKPIDX_RSA512 (0) @@ -517,7 +516,6 @@ typedef struct { apr_lock_t *pMutex; apr_array_header_t *aRandSeed; apr_hash_t *tVHostKeys; - apr_hash_t *tTmpKeys; void *pTmpKeys[SSL_TKPIDX_MAX]; apr_hash_t *tPublicCert; apr_hash_t *tPrivateKey; diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index 3be8ff845f..9f0a2eb2b8 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -107,7 +107,6 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s) mc->tVHostKeys = apr_hash_make(pool); mc->tPrivateKey = apr_hash_make(pool); mc->tPublicCert = apr_hash_make(pool); - mc->tTmpKeys = apr_hash_make(pool); #ifdef SSL_EXPERIMENTAL_ENGINE mc->szCryptoDevice = NULL; #endif diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 9bc3077318..a3e5b07ef3 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -225,11 +225,6 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, */ ssl_rand_seed(base_server, p, SSL_RSCTX_STARTUP, "Init: "); - /* - * allocate the temporary RSA keys and DH params - */ - ssl_init_TmpKeysHandle(SSL_TKP_ALLOC, base_server, p); - /* * initialize servers */ @@ -323,11 +318,6 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p) void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(s); - ssl_asn1_t *asn1; - unsigned char *ptr; - long int length; - RSA *rsa; - DH *dh; if (action == SSL_TKP_GEN) { /* Generate Keys and Params */ /* seed PRNG */ @@ -337,120 +327,49 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p) ssl_log(s, SSL_LOG_INFO, "Init: Generating temporary RSA private keys (512/1024 bits)"); - if (!(rsa = RSA_generate_key(512, RSA_F4, NULL, NULL))) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, + /* generate 512 bit RSA key */ + if (!(mc->pTmpKeys[SSL_TKPIDX_RSA512] = + RSA_generate_key(512, RSA_F4, NULL, NULL))) + { + ssl_log(s, SSL_LOG_ERROR, "Init: Failed to generate temporary " "512 bit RSA private key"); ssl_die(); } - length = i2d_RSAPrivateKey(rsa, NULL); - ptr = ssl_asn1_table_set(mc->tTmpKeys, "RSA:512", length); - (void)i2d_RSAPrivateKey(rsa, &ptr); /* 2nd arg increments */ - RSA_free(rsa); - /* generate 1024 bit RSA key */ - if (!(rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL))) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, + if (!(mc->pTmpKeys[SSL_TKPIDX_RSA1024] = + RSA_generate_key(1024, RSA_F4, NULL, NULL))) + { + ssl_log(s, SSL_LOG_ERROR, "Init: Failed to generate temporary " "1024 bit RSA private key"); ssl_die(); } - length = i2d_RSAPrivateKey(rsa, NULL); - ptr = ssl_asn1_table_set(mc->tTmpKeys, "RSA:1024", length); - (void)i2d_RSAPrivateKey(rsa, &ptr); /* 2nd arg increments */ - RSA_free(rsa); - ssl_log(s, SSL_LOG_INFO, - "Init: Configuring temporary DH parameters (512/1024 bits)"); + "Init: Configuring temporary " + "DH parameters (512/1024 bits)"); - /* import 512 bit DH param */ - if (!(dh = ssl_dh_GetTmpParam(512))) { + /* generate 512 bit DH param */ + if (!(mc->pTmpKeys[SSL_TKPIDX_DH512] = + ssl_dh_GetTmpParam(512))) + { ssl_log(s, SSL_LOG_ERROR, - "Init: Failed to import temporary " + "Init: Failed to generate temporary " "512 bit DH parameters"); ssl_die(); } - length = i2d_DHparams(dh, NULL); - ptr = ssl_asn1_table_set(mc->tTmpKeys, "DH:512", length); - (void)i2d_DHparams(dh, &ptr); /* 2nd arg increments */ - DH_free(dh); - - /* import 1024 bit DH param */ - if (!(dh = ssl_dh_GetTmpParam(1024))) { + /* generate 1024 bit DH param */ + if (!(mc->pTmpKeys[SSL_TKPIDX_DH1024] = + ssl_dh_GetTmpParam(1024))) + { ssl_log(s, SSL_LOG_ERROR, - "Init: Failed to import temporary " + "Init: Failed to generate temporary " "1024 bit DH parameters"); ssl_die(); } - - length = i2d_DHparams(dh, NULL); - ptr = ssl_asn1_table_set(mc->tTmpKeys, "DH:1024", length); - (void)i2d_DHparams(dh, &ptr); /* 2nd arg increments */ - DH_free(dh); - } - else if (action == SSL_TKP_ALLOC) { /* Allocate Keys and Params */ - ssl_log(s, SSL_LOG_INFO, - "Init: Configuring temporary " - "RSA private keys (512/1024 bits)"); - - /* allocate 512 bit RSA key */ - if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "RSA:512"))) { - ptr = asn1->cpData; - if (!(mc->pTmpKeys[SSL_TKPIDX_RSA512] = - d2i_RSAPrivateKey(NULL, &ptr, asn1->nData))) - { - ssl_log(s, SSL_LOG_ERROR, - "Init: Failed to load temporary " - "512 bit RSA private key"); - ssl_die(); - } - } - - /* allocate 1024 bit RSA key */ - if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "RSA:1024"))) { - ptr = asn1->cpData; - if (!(mc->pTmpKeys[SSL_TKPIDX_RSA1024] = - d2i_RSAPrivateKey(NULL, &ptr, asn1->nData))) - { - ssl_log(s, SSL_LOG_ERROR, - "Init: Failed to load temporary " - "1024 bit RSA private key"); - ssl_die(); - } - } - - ssl_log(s, SSL_LOG_INFO, - "Init: Configuring temporary " - "DH parameters (512/1024 bits)"); - - /* allocate 512 bit DH param */ - if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "DH:512"))) { - ptr = asn1->cpData; - if (!(mc->pTmpKeys[SSL_TKPIDX_DH512] = - d2i_DHparams(NULL, &ptr, asn1->nData))) - { - ssl_log(s, SSL_LOG_ERROR, - "Init: Failed to load temporary " - "512 bit DH parameters"); - ssl_die(); - } - } - - /* allocate 1024 bit DH param */ - if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "DH:1024"))) { - ptr = asn1->cpData; - if (!(mc->pTmpKeys[SSL_TKPIDX_DH1024] = - d2i_DHparams(NULL, &ptr, asn1->nData))) - { - ssl_log(s, SSL_LOG_ERROR, - "Init: Failed to load temporary " - "1024 bit DH parameters"); - ssl_die(); - } - } } else if (action == SSL_TKP_FREE) { /* Free Keys and Params */ MODSSL_TEMP_KEYS_FREE(mc, RSA);