From df7c5dd3e927bb512c14c743f475541cd4879207 Mon Sep 17 00:00:00 2001
From: Doug MacEachern
Date: Tue, 12 Mar 2002 22:50:38 +0000
Subject: [PATCH] split ssl_init_TmpKeysHandle function to init/free functions, and make them static to ssl_engine_init.c
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93882 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/mod_ssl.h | 4 -
 modules/ssl/ssl_engine_init.c | 157 +++++++++++++++++-----------------
 2 files changed, 80 insertions(+), 81 deletions(-)
diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h
index d0196028eb..d58319d193 100644
--- a/modules/ssl/mod_ssl.h
+++ b/modules/ssl/mod_ssl.h
@@ -299,9 +299,6 @@ typedef int ssl_algo_t;
 * Define IDs for the temporary RSA keys and DH params
 */
-#define SSL_TKP_GEN (0)
-#define SSL_TKP_FREE (2)
-
 #define SSL_TKPIDX_RSA512 (0)
 #define SSL_TKPIDX_RSA1024 (1)
 #define SSL_TKPIDX_DH512 (2)
@@ -645,7 +642,6 @@ const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, char *, char *)
 /* module initialization */
 int ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
 void ssl_init_Engine(server_rec *, apr_pool_t *);
-void ssl_init_TmpKeysHandle(int, server_rec *, apr_pool_t *);
 void ssl_init_ConfigureServer(server_rec *, apr_pool_t *, SSLSrvConfigRec *);
 void ssl_init_CheckServers(server_rec *, apr_pool_t *);
 STACK_OF(X509_NAME)
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index a3e5b07ef3..ca71955a51 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -119,6 +119,84 @@ static void ssl_init_SSLLibrary(server_rec *s)
 SSL_library_init();
 }
+/*
+ * Handle the Temporary RSA Keys and DH Params
+ */
+
+#define MODSSL_TMP_KEY_FREE(mc, type, idx) \
+ if (mc->pTmpKeys[idx]) { \
+ type##_free((type *)mc->pTmpKeys[idx]); \
+ mc->pTmpKeys[idx] = NULL; \
+ }
+
+#define MODSSL_TMP_KEYS_FREE(mc, type) \
+ MODSSL_TMP_KEY_FREE(mc, type, SSL_TKPIDX_##type##512); \
+ MODSSL_TMP_KEY_FREE(mc, type, SSL_TKPIDX_##type##1024)
+
+static void ssl_tmp_keys_free(server_rec *s)
+{
+ SSLModConfigRec *mc = myModConfig(s);
+
+ MODSSL_TMP_KEYS_FREE(mc, RSA);
+ MODSSL_TMP_KEYS_FREE(mc, DH);
+}
+
+static void ssl_tmp_keys_init(server_rec *s, apr_pool_t *p)
+{
+ SSLModConfigRec *mc = myModConfig(s);
+
+ /* seed PRNG */
+ ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
+
+ /* generate 512 bit RSA key */
+ ssl_log(s, SSL_LOG_INFO,
+ "Init: Generating temporary RSA private keys (512/1024 bits)");
+
+ /* generate 512 bit RSA key */
+ if (!(mc->pTmpKeys[SSL_TKPIDX_RSA512] =
+ RSA_generate_key(512, RSA_F4, NULL, NULL)))
+ {
+ ssl_log(s, SSL_LOG_ERROR,
+ "Init: Failed to generate temporary "
+ "512 bit RSA private key");
+ ssl_die();
+ }
+
+ /* generate 1024 bit RSA key */
+ if (!(mc->pTmpKeys[SSL_TKPIDX_RSA1024] =
+ RSA_generate_key(1024, RSA_F4, NULL, NULL)))
+ {
+ ssl_log(s, SSL_LOG_ERROR,
+ "Init: Failed to generate temporary "
+ "1024 bit RSA private key");
+ ssl_die();
+ }
+
+ ssl_log(s, SSL_LOG_INFO,
+ "Init: Configuring temporary "
+ "DH parameters (512/1024 bits)");
+
+ /* generate 512 bit DH param */
+ if (!(mc->pTmpKeys[SSL_TKPIDX_DH512] =
+ ssl_dh_GetTmpParam(512)))
+ {
+ ssl_log(s, SSL_LOG_ERROR,
+ "Init: Failed to generate temporary "
+ "512 bit DH parameters");
+ ssl_die();
+ }
+
+ /* generate 1024 bit DH param */
+ if (!(mc->pTmpKeys[SSL_TKPIDX_DH1024] =
+ ssl_dh_GetTmpParam(1024)))
+ {
+ ssl_log(s, SSL_LOG_ERROR,
+ "Init: Failed to generate temporary "
+ "1024 bit DH parameters");
+ ssl_die();
+ }
+}
+
 /*
 * Per-module initialization
 */
@@ -188,7 +266,7 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
 #endif
 ssl_pphrase_Handle(base_server, p);
- ssl_init_TmpKeysHandle(SSL_TKP_GEN, base_server, p);
+ ssl_tmp_keys_init(base_server, p);
 /*
 * SSL external crypto device ("engine") support
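Review bot: `MODSSL_TMP_KEY_FREE` expands to a bare `if` block and `MODSSL_TMP_KEYS_FREE` to two separate statements, so a later use under an unbraced `if` would leave the second free outside the condition; both macros at the top of the block added to ssl_engine_init.c should be wrapped in `do { ... } while (0)` with `mc` parenthesized, as in the fence below. The two calls in `ssl_tmp_keys_free` behave the same either way. In `ssl_tmp_keys_init` the comment `/* generate 512 bit RSA key */` appears twice, the first time above the `ssl_log` call that announces both sizes, where `/* generate temporary RSA keys */` would fit. The 512-bit RSA key and DH parameters are far below a safe size and are presumably kept only for export cipher suites; a comment saying so above the 512-bit generation calls would stop readers from treating them as adequate.

```c
#define MODSSL_TMP_KEY_FREE(mc, type, idx) \
    do { \
        if ((mc)->pTmpKeys[idx]) { \
            type##_free((type *)(mc)->pTmpKeys[idx]); \
            (mc)->pTmpKeys[idx] = NULL; \
        } \
    } while (0)

#define MODSSL_TMP_KEYS_FREE(mc, type) \
    do { \
        MODSSL_TMP_KEY_FREE(mc, type, SSL_TKPIDX_##type##512); \
        MODSSL_TMP_KEY_FREE(mc, type, SSL_TKPIDX_##type##1024); \
    } while (0)

/* … unchanged: ssl_tmp_keys_free, ssl_tmp_keys_init … */
```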
@@ -302,81 +380,6 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p)
 }
 #endif
-#define MODSSL_TEMP_KEY_FREE(mc, type, idx) \
- if (mc->pTmpKeys[idx]) { \
- type##_free((type *)mc->pTmpKeys[idx]); \
- mc->pTmpKeys[idx] = NULL; \
- }
-
-#define MODSSL_TEMP_KEYS_FREE(mc, type) \
- MODSSL_TEMP_KEY_FREE(mc, type, SSL_TKPIDX_##type##512); \
- MODSSL_TEMP_KEY_FREE(mc, type, SSL_TKPIDX_##type##1024)
-
-/*
- * Handle the Temporary RSA Keys and DH Params
- */
-void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p)
-{
- SSLModConfigRec *mc = myModConfig(s);
-
- if (action == SSL_TKP_GEN) { /* Generate Keys and Params */
- /* seed PRNG */
- ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
-
- /* generate 512 bit RSA key */
- ssl_log(s, SSL_LOG_INFO,
- "Init: Generating temporary RSA private keys (512/1024 bits)");
-
- /* generate 512 bit RSA key */
- if (!(mc->pTmpKeys[SSL_TKPIDX_RSA512] =
- RSA_generate_key(512, RSA_F4, NULL, NULL)))
- {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to generate temporary "
- "512 bit RSA private key");
- ssl_die();
- }
-
- /* generate 1024 bit RSA key */
- if (!(mc->pTmpKeys[SSL_TKPIDX_RSA1024] =
- RSA_generate_key(1024, RSA_F4, NULL, NULL)))
- {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to generate temporary "
- "1024 bit RSA private key");
- ssl_die();
- }
-
- ssl_log(s, SSL_LOG_INFO,
- "Init: Configuring temporary "
- "DH parameters (512/1024 bits)");
-
- /* generate 512 bit DH param */
- if (!(mc->pTmpKeys[SSL_TKPIDX_DH512] =
- ssl_dh_GetTmpParam(512)))
- {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to generate temporary "
- "512 bit DH parameters");
- ssl_die();
- }
-
- /* generate 1024 bit DH param */
- if (!(mc->pTmpKeys[SSL_TKPIDX_DH1024] =
- ssl_dh_GetTmpParam(1024)))
- {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to generate temporary "
- "1024 bit DH parameters");
- ssl_die();
- }
- }
- else if (action == SSL_TKP_FREE) { /* Free Keys and Params */
- MODSSL_TEMP_KEYS_FREE(mc, RSA);
- MODSSL_TEMP_KEYS_FREE(mc, DH);
- }
-}
-
 /*
 * Configure a particular server
 */
@@ -1067,7 +1070,7 @@ apr_status_t ssl_init_ModuleKill(void *data)
 /*
 * Destroy the temporary keys and params
 */
- ssl_init_TmpKeysHandle(SSL_TKP_FREE, base_server, NULL);
+ ssl_tmp_keys_free(base_server);
 /*
 * Free the non-pool allocated structures
-- 
2.50.1