On 10/4/2016 10:29 AM, Graham Leggett wrote:
> On 4 Oct 2016, at 15:47, Paul Spangler <paul.spang...@ni.com> wrote:
>> From my understanding, apr_crypto_key_t is an opaque struct defined separately
>> by each crypto provider, so mod_session_crypto will not be able to do the
>> sizeof.
>
> That's a sizeof a pointer to apr_crypto_key_t, not the sizeof apr_crypto_key_t
> itself.

It's possible I'm looking at a different version of the code, but when I
try that patch:

    apr_crypto_key_t *key = NULL;
    ...
    key = apr_pcalloc(r->pool, sizeof *key);

    mod_session_crypto.c: In function 'decrypt_string':
    mod_session_crypto.c:249:11: error: dereferencing pointer to incomplete type

> Keys are read at server start and reused. Trying to regenerate the key on every
> request has performance implications.

mod_session_crypto's passphrases can also be read from .htaccess, which
means at least some keys may be unknown at server start. I agree that
regenerating the keys on every request is not ideal. I'm only
questioning the feasibility of reusing keys that may come and go from
request to request.
Regards,
Paul Spangler
LabVIEW R&D
National Instruments
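
The compile error quoted in the message above, reproduced as an added, self-contained example; this is not code from the thread, httpd or APR. The names demo_key_t, demo_key_create, demo_key_length, demo_key_destroy and caller_make_key are hypothetical, and the provider fills the key with a placeholder instead of deriving it.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* What a caller sees in the header: a declaration, no definition. */
typedef struct demo_key demo_key_t;            /* hypothetical type */
int demo_key_create(demo_key_t **key, const char *passphrase);
size_t demo_key_length(const demo_key_t *key);
void demo_key_destroy(demo_key_t *key);

/* Caller side: demo_key_t is incomplete here, so only pointers work. */
size_t caller_make_key(const char *passphrase)
{
    demo_key_t *key = NULL;
    size_t len;
    /* key = calloc(1, sizeof *key);  would not compile at this point:
       the layout is unknown, so there is no size to take. */
    if (demo_key_create(&key, passphrase) != 0) /* provider allocates */
        return 0;
    len = demo_key_length(key);
    demo_key_destroy(key);
    return len;
}

/* Provider side: the only code that knows the layout and the size. */
struct demo_key {
    size_t len;
    unsigned char bytes[32];
};

int demo_key_create(demo_key_t **key, const char *passphrase)
{
    if (key == NULL || passphrase == NULL || *passphrase == '\0')
        return -1;
    if (*key == NULL && (*key = malloc(sizeof **key)) == NULL)
        return -1;
    /* Placeholder: a real provider would derive key bytes here. */
    memset(*key, 0, sizeof **key);
    (*key)->len = sizeof((*key)->bytes);
    return 0;
}

size_t demo_key_length(const demo_key_t *key) { return key ? key->len : 0; }

void demo_key_destroy(demo_key_t *key)
{
    if (key != NULL) {
        memset(key, 0, sizeof *key); /* real code needs a wipe the compiler cannot elide */
        free(key);
    }
}
```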