Implement CRYPTO_set_locking_callback() for mod_ssl (42f4bb67) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

CHANGES

+4 −0

Original line number	Diff line number	Diff line
		Changes with Apache 2.0.25-dev
		*) Implement CRYPTO_set_locking_callback() in terms of apr_lock
		for mod_ssl
		[Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>]

		*) Fix for mod_include. Ryan's patch to check error
		codes put a return in the wrong place. Also, the
		include handler return code wasn't being checked.

+0 −1

Original line number	Diff line number	Diff line
		@@ -174,7 +174,6 @@
		o Whether to unregister and how to unregister?
		ssl_var_unregister();
		ssl_ext_unregister();
		o We certainly need CRYPTO_set_locking_callback() now also under Unix!
		o Do we need SSL_set_read_ahead()?
		o Enable use of MM, SHMCB and SHMHT.
		o Enable SSL extensions (ssl_engine_ext.c)

+1 −1

Original line number	Diff line number	Diff line
		@@ -728,7 +728,7 @@ BOOL ssl_util_path_check(ssl_pathcheck_t, const char , apr_pool_t );
		ssl_algo_t ssl_util_algotypeof(X509 , EVP_PKEY );
		char *ssl_util_algotypestr(ssl_algo_t);
		char ssl_util_ptxtsub(apr_pool_t , const char , const char , char *);
		void ssl_util_thread_setup(void);
		void ssl_util_thread_setup(server_rec , apr_pool_t );
		apr_status_t ssl_util_setmodconfig(server_rec , const char , SSLModConfigRec *);
		SSLModConfigRec ssl_util_getmodconfig(server_rec , const char *);
		SSLModConfigRec ssl_util_getmodconfig_ssl(SSL , const char *);

+1 −0

Original line number	Diff line number	Diff line
		@@ -185,6 +185,7 @@ void ssl_init_Module(apr_pool_t p, apr_pool_t plog,
		ssl_init_SSLLibrary();
		}
		#endif
		ssl_util_thread_setup(s, p);
		if (mc->nInitCount == 1) {
		ssl_pphrase_Handle(s, p);
		ssl_init_TmpKeysHandle(SSL_TKP_GEN, s, p);

+46 −0

Original line number	Diff line number	Diff line
		@@ -328,3 +328,49 @@ ssl_util_getmodconfig_ssl(
		return mc;
		}

		/*
		* To ensure thread-safetyness in OpenSSL - work in progress
		*/

		static apr_lock_t *lock_cs[CRYPTO_NUM_LOCKS];
		static long lock_count[CRYPTO_NUM_LOCKS];

		void ssl_util_thread_locking_callback(int mode, int type, char *file, int line)
		{
		if (mode & CRYPTO_LOCK) {
		apr_lock_acquire(lock_cs[type]);
		lock_count[type]++;
		}
		else {
		apr_lock_release(lock_cs[type]);
		}
		}

		apr_status_t ssl_util_thread_cleanup(void *data)
		{
		int i;

		CRYPTO_set_locking_callback(NULL);
		for (i = 0; i < CRYPTO_NUM_LOCKS; i++)
		apr_lock_destroy(lock_cs[i]);
		return APR_SUCCESS;
		}

		void ssl_util_thread_setup(server_rec s, apr_pool_t p)
		{
		int i;
		SSLModConfigRec *mc = myModConfig(s);

		*lock_cs = apr_palloc(p, CRYPTO_NUM_LOCKS);
		for (i = 0; i < CRYPTO_NUM_LOCKS; i++)
		{
		lock_count[i]=0;
		apr_lock_create(&(lock_cs[i]), APR_MUTEX, APR_LOCKALL,
		mc->szMutexFile, p);
		}

		CRYPTO_set_locking_callback((void (*)())ssl_util_thread_locking_callback);
		apr_pool_cleanup_register(p, NULL,
		ssl_util_thread_cleanup, apr_pool_cleanup_null);

		}

Original line number	Diff line number	Diff line
		@@ -728,7 +728,7 @@ BOOL ssl_util_path_check(ssl_pathcheck_t, const char , apr_pool_t );
		ssl_algo_t ssl_util_algotypeof(X509 , EVP_PKEY );
		char *ssl_util_algotypestr(ssl_algo_t);
		char ssl_util_ptxtsub(apr_pool_t , const char , const char , char *);
		void ssl_util_thread_setup(void);
		void ssl_util_thread_setup(server_rec , apr_pool_t );
		apr_status_t ssl_util_setmodconfig(server_rec , const char , SSLModConfigRec *);
		SSLModConfigRec ssl_util_getmodconfig(server_rec , const char *);
		SSLModConfigRec ssl_util_getmodconfig_ssl(SSL , const char *);