diff options
| author | ylavic <ylavic@13f79535-47bb-0310-9956-ffa450edef68> | 2016-12-02 22:08:51 +0000 |
|---|---|---|
| committer | ylavic <ylavic@13f79535-47bb-0310-9956-ffa450edef68> | 2016-12-02 22:08:51 +0000 |
| commit | 6bc7122103931a7134ec5fbc4f2f5a55442bdb32 (patch) | |
| tree | 9cb62e60c68f69c9842997a0198b07e890dd8976 | |
| parent | 5386dfdc4b283bf6231063a7c09736a92a58548a (diff) | |
| download | libapr-util-6bc7122103931a7134ec5fbc4f2f5a55442bdb32.tar.gz | |
Merge r1772414 from trunk.
apr_crypto: axe the un(thread)safe key cache, creating each key on the pool
given to crypto_key()/crypto_passphrase().
Committed/Reviewed by: ylavic
git-svn-id: http://svn.apache.org/repos/asf/apr/apr-util/branches/1.6.x@1772415 13f79535-47bb-0310-9956-ffa450edef68
| -rw-r--r-- | crypto/apr_crypto_commoncrypto.c | 16 | ||||
| -rw-r--r-- | crypto/apr_crypto_nss.c | 40 | ||||
| -rw-r--r-- | crypto/apr_crypto_openssl.c | 22 |
3 files changed, 34 insertions, 44 deletions
diff --git a/crypto/apr_crypto_commoncrypto.c b/crypto/apr_crypto_commoncrypto.c index 10f7d0f5..81b02995 100644 --- a/crypto/apr_crypto_commoncrypto.c +++ b/crypto/apr_crypto_commoncrypto.c @@ -41,7 +41,6 @@ struct apr_crypto_t apr_pool_t *pool; const apr_crypto_driver_t *provider; apu_err_t *result; - apr_array_header_t *keys; apr_hash_t *types; apr_hash_t *modes; apr_random_t *rng; @@ -206,11 +205,6 @@ static apr_status_t crypto_make(apr_crypto_t **ff, return APR_ENOMEM; } - f->keys = apr_array_make(pool, 10, sizeof(apr_crypto_key_t)); - if (!f->keys) { - return APR_ENOMEM; - } - f->types = apr_hash_make(pool); if (!f->types) { return APR_ENOMEM; @@ -388,7 +382,7 @@ static apr_status_t crypto_key(apr_crypto_key_t **k, apr_crypto_key_t *key = *k; if (!key) { - *k = key = apr_array_push(f->keys); + *k = key = apr_pcalloc(p, sizeof *key); } if (!key) { return APR_ENOMEM; @@ -480,10 +474,10 @@ static apr_status_t crypto_passphrase(apr_crypto_key_t **k, apr_size_t *ivSize, apr_crypto_key_t *key = *k; if (!key) { - *k = key = apr_array_push(f->keys); - } - if (!key) { - return APR_ENOMEM; + *k = key = apr_pcalloc(p, sizeof *key); + if (!key) { + return APR_ENOMEM; + } } key->f = f; diff --git a/crypto/apr_crypto_nss.c b/crypto/apr_crypto_nss.c index e66412f8..47d16409 100644 --- a/crypto/apr_crypto_nss.c +++ b/crypto/apr_crypto_nss.c @@ -50,7 +50,6 @@ struct apr_crypto_t { apr_pool_t *pool; const apr_crypto_driver_t *provider; apu_err_t *result; - apr_array_header_t *keys; apr_crypto_config_t *config; apr_hash_t *types; apr_hash_t *modes; @@ -266,6 +265,15 @@ static apr_status_t crypto_block_cleanup_helper(void *data) return crypto_block_cleanup(block); } +static apr_status_t crypto_key_cleanup(void *data) +{ + apr_crypto_key_t *key = data; + if (key->symKey) { + PK11_FreeSymKey(key->symKey); + key->symKey = NULL; + } + return APR_SUCCESS; +} /** * @brief Clean encryption / decryption context. * @note After cleanup, a context is free to be reused if necessary. @@ -274,15 +282,6 @@ static apr_status_t crypto_block_cleanup_helper(void *data) */ static apr_status_t crypto_cleanup(apr_crypto_t *f) { - apr_crypto_key_t *key; - if (f->keys) { - while ((key = apr_array_pop(f->keys))) { - if (key->symKey) { - PK11_FreeSymKey(key->symKey); - key->symKey = NULL; - } - } - } return APR_SUCCESS; } @@ -326,7 +325,6 @@ static apr_status_t crypto_make(apr_crypto_t **ff, if (!f->result) { return APR_ENOMEM; } - f->keys = apr_array_make(pool, 10, sizeof(apr_crypto_key_t)); f->types = apr_hash_make(pool); if (!f->types) { @@ -491,10 +489,12 @@ static apr_status_t crypto_key(apr_crypto_key_t **k, key = *k; if (!key) { - *k = key = apr_array_push(f->keys); - } - if (!key) { - return APR_ENOMEM; + *k = key = apr_pcalloc(p, sizeof *key); + if (!key) { + return APR_ENOMEM; + } + apr_pool_cleanup_register(p, key, crypto_key_cleanup, + apr_pool_cleanup_null); } key->f = f; @@ -683,10 +683,12 @@ static apr_status_t crypto_passphrase(apr_crypto_key_t **k, apr_size_t *ivSize, apr_crypto_key_t *key = *k; if (!key) { - *k = key = apr_array_push(f->keys); - } - if (!key) { - return APR_ENOMEM; + *k = key = apr_pcalloc(p, sizeof *key); + if (!key) { + return APR_ENOMEM; + } + apr_pool_cleanup_register(p, key, crypto_key_cleanup, + apr_pool_cleanup_null); } key->f = f; diff --git a/crypto/apr_crypto_openssl.c b/crypto/apr_crypto_openssl.c index cb91c9c9..8989a2f6 100644 --- a/crypto/apr_crypto_openssl.c +++ b/crypto/apr_crypto_openssl.c @@ -39,7 +39,6 @@ struct apr_crypto_t { apr_pool_t *pool; const apr_crypto_driver_t *provider; apu_err_t *result; - apr_array_header_t *keys; apr_crypto_config_t *config; apr_hash_t *types; apr_hash_t *modes; @@ -291,11 +290,6 @@ static apr_status_t crypto_make(apr_crypto_t **ff, return APR_ENOMEM; } - f->keys = apr_array_make(pool, 10, sizeof(apr_crypto_key_t)); - if (!f->keys) { - return APR_ENOMEM; - } - f->types = apr_hash_make(pool); if (!f->types) { return APR_ENOMEM; @@ -455,10 +449,10 @@ static apr_status_t crypto_key(apr_crypto_key_t **k, apr_status_t rv; if (!key) { - *k = key = apr_array_push(f->keys); - } - if (!key) { - return APR_ENOMEM; + *k = key = apr_pcalloc(p, sizeof *key); + if (!key) { + return APR_ENOMEM; + } } key->f = f; @@ -556,10 +550,10 @@ static apr_status_t crypto_passphrase(apr_crypto_key_t **k, apr_size_t *ivSize, apr_status_t rv; if (!key) { - *k = key = apr_array_push(f->keys); - } - if (!key) { - return APR_ENOMEM; + *k = key = apr_pcalloc(p, sizeof *key); + if (!key) { + return APR_ENOMEM; + } } key->f = f; |