From: Graham Leggett
Date: Sat, 5 Apr 2008 23:35:00 +0000 (+0000)
Subject: Clarify the operation of the SessionCryptoPassphrase directive as raised by rpluem...
X-Git-Tag: 2.3.0~806
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=10d47f14ff146617fd1cfc1ea176830e2ab15f09;p=thirdparty%2Fapache%2Fhttpd.git

Clarify the operation of the SessionCryptoPassphrase directive as raised by rpluem. When SessionCryptoCertificateFile is set, asymmetrical encryption will be used, and SessionCryptoPassphrase will be interpreted as the passphrase protecting the private key. When SessionCryptoCertificateFile is not set, symmetrical encryption is used, and SessionCryptoPassphrase will contain the key to use. Make sure that the engine parameter is properly passed into the crypto functions, and fix a missing cleanup on an error case.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@645186 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/docs/manual/mod/mod_session_crypto.xml b/docs/manual/mod/mod_session_crypto.xml
index b6fba7c1312..ee6234234a1 100644
--- a/docs/manual/mod/mod_session_crypto.xml
+++ b/docs/manual/mod/mod_session_crypto.xml
@@ -87,12 +87,17 @@

The SessionCryptoPassphrase directive specifies the key - to be used to encrypt the contents of the session before writing the session, or - decrypting the contents of the session after reading the session.

- + to be used to enable symmetrical encryption on the contents of the session before + writing the session, or decrypting the contents of the session after reading the session.

+

Keys are more secure when they are long, and consist of truly random characters. Changing the key on a server has the effect of invalidating all existing sessions.

- + +

If the SessionCryptoCertificateFile + directive is set and asymmetrical encryption is enabled instead, the + SessionCryptoPassphrase directive + will be interpreted as the passphrase of the key, if the key is encrypted.

+
@@ -107,12 +112,16 @@

The SessionCryptoCertificateFile directive specifies the name - of a certificate to be used to encrypt the contents of the session before writing - the session, or decrypting the content of the session after reading the session.

- + of a certificate to be used to asymmetrically encrypt the contents of the session before + writing the session, or decrypting the content of the session after reading the session.

+

Changing the certificate on a server has the effect of invalidating all existing sessions.

+

If the key associated with this certificate is protected with a passphrase, the + SessionCryptoPassphrase directive + will be interpreted as the passphrase to use to decrypt the key.

+ Experimental

This directive is dependent on experimental support for assymetrical encryption support currently available in prerelease versions of OpenSSL, and will only be @@ -140,6 +149,10 @@

Changing the certificate or key on a server has the effect of invalidating all existing sessions.

+

If this key is protected with a passphrase, the + SessionCryptoPassphrase directive + will be interpreted as the passphrase to use to decrypt the key.

+ Experimental

This directive is dependent on experimental support for asymmetrical encryption support currently available in prerelease versions of OpenSSL, and will only be
diff --git a/modules/session/mod_session_crypto.c b/modules/session/mod_session_crypto.c
index 12da8c4d1c2..2eb381ce4d3 100644
--- a/modules/session/mod_session_crypto.c
+++ b/modules/session/mod_session_crypto.c
@@ -58,7 +58,7 @@ static apr_status_t crypt_init(request_rec * r, apr_evp_factory_t ** f, apr_evp_ { apr_status_t res; - if (!conf->certfile_set && !conf->keyfile_set && !conf->passphrase_set) { + if (!conf->certfile_set && !conf->passphrase_set) { ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, LOG_PREFIX "encryption not configured, " "no passphrase or certfile/keyfile set");
@@ -69,17 +69,19 @@ static apr_status_t crypt_init(request_rec * r, apr_evp_factory_t ** f, apr_evp_ if (conf->certfile_set) { *key = APR_EVP_KEY_PUBLIC; res = apr_evp_factory_create(f, conf->keyfile, conf->certfile, NULL, - NULL, NULL, conf->digest, APR_EVP_FACTORY_ASYM, r->pool); + conf->passphrase, conf->engine, conf->digest, + APR_EVP_FACTORY_ASYM, r->pool); if (APR_ENOTIMPL == res) { ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, LOG_PREFIX "generic public/private key encryption is not supported by " "this version of APR. session encryption not possible"); } } - if (conf->passphrase) { + else { *key = APR_EVP_KEY_SYM; res = apr_evp_factory_create(f, NULL, NULL, conf->cipher, - conf->passphrase, NULL, conf->digest, APR_EVP_FACTORY_SYM, r->pool); + conf->passphrase, conf->engine, conf->digest, + APR_EVP_FACTORY_SYM, r->pool); if (APR_ENOTIMPL == res) { ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, LOG_PREFIX "generic symmetrical encryption is not supported by this "
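Review bot: Dropping `conf->keyfile_set` from the guard in the `@@ -58` hunk means a configuration that sets SessionCryptoKeyFile and SessionCryptoPassphrase but not SessionCryptoCertificateFile no longer warns: it now takes the `else` (symmetric) branch in the `@@ -69` hunk, the key file is silently ignored and the passphrase itself becomes the key material, while the warning text still names "certfile/keyfile". A dedicated check ahead of the existing one would make that visible to the operator, e.g. `if (conf->keyfile_set && !conf->certfile_set) { ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, LOG_PREFIX "keyfile set without certfile, keyfile is ignored and symmetric encryption is used"); }`. The existing message could likewise read `"no passphrase or certfile set"` to match the new condition. crypt_init continues past both hunks, so I cannot see whether a non-ENOTIMPL failure of apr_evp_factory_create is reported anywhere.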
@@ -134,6 +136,9 @@ static apr_status_t encrypt_string(request_rec * r, const char *in, char **out) session_crypto_dir_conf *conf = ap_get_module_config(r->per_dir_config, &session_crypto_module); + /* by default, return an empty string */ + *out = ""; + /* don't attempt to encrypt an empty string, trying to do so causes a segfault */ if (!in || !*in) { return APR_SUCCESS;
@@ -232,6 +237,8 @@ static apr_status_t decrypt_string(request_rec * r, const char *in, char **out) if (res) { ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, LOG_PREFIX "decrypt: attempt to decrypt failed"); + apr_evp_factory_cleanup(f); + apr_evp_crypt_cleanup(e); return res; } *out = (char *) decrypted;
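Review bot: `*out = "";` in encrypt_string hands the caller a pointer to a string literal, whereas the non-empty path presumably returns a buffer the caller may treat as writable pool memory (its allocation is outside this hunk, so I cannot confirm); if any caller writes into or frees `*out`, the empty-input case becomes undefined behaviour. `*out = apr_pstrdup(r->pool, "");` keeps ownership uniform across both paths. Wherever the literal is kept, the added comment should say so: `/* by default, return an empty string (read-only literal, do not modify) */`. The body of encrypt_string continues past the hunk.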
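Review bot: The new error path in decrypt_string destroys the factory before the crypt context (`apr_evp_factory_cleanup(f);` then `apr_evp_crypt_cleanup(e);`); if the context keeps a reference to the factory it was created from, the safer order is the reverse, `apr_evp_crypt_cleanup(e); apr_evp_factory_cleanup(f);`, and it should match the order the success path uses below the hunk. On this failure `*out` is left untouched, while the same commit gives encrypt_string an empty-string default; if callers read `*out` without checking the return code, decrypt_string needs the same default near its top, which is outside the hunk so I cannot tell whether it already has one.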