diff options
author | Yann Ylavic <ylavic@apache.org> | 2018-06-28 16:08:15 +0000 |
---|---|---|
committer | Yann Ylavic <ylavic@apache.org> | 2018-06-28 16:08:15 +0000 |
commit | f33d4e6dd99a8d8fde900b816575108f8e4bd9e8 (patch) | |
tree | 86e18bfc9a96baf2cbb799205a069e35f4a27ba4 /crypto | |
parent | 86568290f10fd902773eda3f6e7a19294978e057 (diff) | |
download | apr-f33d4e6dd99a8d8fde900b816575108f8e4bd9e8.tar.gz |
apr_crypto: follow up to r1833359: axe cprng_rekey() helper.
We don't exactly need the same code in _rekey() and _after_fork(), and can
avoid resetting cprng->buf twice in the latter (for the parent process).
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1834622 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/apr_crypto_prng.c | 27 |
1 files changed, 12 insertions, 15 deletions
diff --git a/crypto/apr_crypto_prng.c b/crypto/apr_crypto_prng.c index ad9a8b839..43cdfe7e6 100644 --- a/crypto/apr_crypto_prng.c +++ b/crypto/apr_crypto_prng.c @@ -610,15 +610,6 @@ APR_DECLARE(apr_status_t) apr_crypto_prng_bytes(apr_crypto_prng_t *cprng, return rv; } -/* Reset the buffer and use the next stream bytes as the new key. */ -static apr_status_t cprng_rekey(apr_crypto_prng_t *cprng, - unsigned char *newkey) -{ - cprng->pos = cprng->len; - apr_crypto_memzero(cprng->buf, cprng->len); - return cprng_stream_bytes(cprng, newkey, newkey ? CPRNG_KEY_SIZE : 0); -} - APR_DECLARE(apr_status_t) apr_crypto_prng_rekey(apr_crypto_prng_t *cprng) { apr_status_t rv; @@ -634,7 +625,9 @@ APR_DECLARE(apr_status_t) apr_crypto_prng_rekey(apr_crypto_prng_t *cprng) cprng_lock(cprng); /* Clear state and renew the key. */ - rv = cprng_rekey(cprng, NULL); + cprng->pos = cprng->len; + apr_crypto_memzero(cprng->buf, cprng->len); + rv = cprng_stream_bytes(cprng, NULL, 0); cprng_unlock(cprng); @@ -659,8 +652,8 @@ APR_DECLARE(apr_status_t) apr_crypto_prng_rekey(apr_crypto_prng_t *cprng) APR_DECLARE(apr_status_t) apr_crypto_prng_after_fork(apr_crypto_prng_t *cprng, int flags) { - apr_status_t rv; - int child = flags & APR_CRYPTO_FORK_INCHILD; + apr_status_t rv = APR_SUCCESS; + int is_child = flags & APR_CRYPTO_FORK_INCHILD; if (!cprng) { /* Fall through with global CPRNG. */ @@ -683,9 +676,13 @@ APR_DECLARE(apr_status_t) apr_crypto_prng_after_fork(apr_crypto_prng_t *cprng, * and never reuse keys we are sure that this key is unique to the parent, * and that nothing is left over from the initial state in both processes. */ - rv = cprng_rekey(cprng, child ? NULL : cprng->key); - if (rv == APR_SUCCESS && !child) { - rv = cprng_rekey(cprng, NULL); + cprng->pos = cprng->len; + apr_crypto_memzero(cprng->buf, cprng->len); + if (!is_child) { + rv = cprng_stream_bytes(cprng, cprng->key, CPRNG_KEY_SIZE); + } + if (rv == APR_SUCCESS) { + rv = cprng_stream_bytes(cprng, NULL, 0); } cprng_unlock(cprng); |