From f33d4e6dd99a8d8fde900b816575108f8e4bd9e8 Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Thu, 28 Jun 2018 16:08:15 +0000
Subject: apr_crypto: follow up to r1833359: axe cprng_rekey() helper.

We don't exactly need the same code in _rekey() and _after_fork(), and can
avoid resetting cprng->buf twice in the latter (for the parent process).


git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1834622 13f79535-47bb-0310-9956-ffa450edef68
---
 crypto/apr_crypto_prng.c | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)

(limited to 'crypto')

diff --git a/crypto/apr_crypto_prng.c b/crypto/apr_crypto_prng.c
index ad9a8b839..43cdfe7e6 100644
--- a/crypto/apr_crypto_prng.c
+++ b/crypto/apr_crypto_prng.c
@@ -610,15 +610,6 @@ APR_DECLARE(apr_status_t) apr_crypto_prng_bytes(apr_crypto_prng_t *cprng,
     return rv;
 }
 
-/* Reset the buffer and use the next stream bytes as the new key. */
-static apr_status_t cprng_rekey(apr_crypto_prng_t *cprng,
-                                unsigned char *newkey)
-{
-    cprng->pos = cprng->len;
-    apr_crypto_memzero(cprng->buf, cprng->len);
-    return cprng_stream_bytes(cprng, newkey, newkey ? CPRNG_KEY_SIZE : 0);
-}
-
 APR_DECLARE(apr_status_t) apr_crypto_prng_rekey(apr_crypto_prng_t *cprng)
 {
     apr_status_t rv;
@@ -634,7 +625,9 @@ APR_DECLARE(apr_status_t) apr_crypto_prng_rekey(apr_crypto_prng_t *cprng)
     cprng_lock(cprng);
 
     /* Clear state and renew the key. */
-    rv = cprng_rekey(cprng, NULL);
+    cprng->pos = cprng->len;
+    apr_crypto_memzero(cprng->buf, cprng->len);
+    rv = cprng_stream_bytes(cprng, NULL, 0);
 
     cprng_unlock(cprng);
 
@@ -659,8 +652,8 @@ APR_DECLARE(apr_status_t) apr_crypto_prng_rekey(apr_crypto_prng_t *cprng)
 APR_DECLARE(apr_status_t) apr_crypto_prng_after_fork(apr_crypto_prng_t *cprng,
                                                      int flags)
 {
-    apr_status_t rv;
-    int child = flags & APR_CRYPTO_FORK_INCHILD;
+    apr_status_t rv = APR_SUCCESS;
+    int is_child = flags & APR_CRYPTO_FORK_INCHILD;
 
     if (!cprng) {
         /* Fall through with global CPRNG. */
@@ -683,9 +676,13 @@ APR_DECLARE(apr_status_t) apr_crypto_prng_after_fork(apr_crypto_prng_t *cprng,
      * and never reuse keys we are sure that this key is unique to the parent,
      * and that nothing is left over from the initial state in both processes.
      */
-    rv = cprng_rekey(cprng, child ? NULL : cprng->key);
-    if (rv == APR_SUCCESS && !child) {
-        rv = cprng_rekey(cprng, NULL);
+    cprng->pos = cprng->len;
+    apr_crypto_memzero(cprng->buf, cprng->len);
+    if (!is_child) {
+        rv = cprng_stream_bytes(cprng, cprng->key, CPRNG_KEY_SIZE);
+    }
+    if (rv == APR_SUCCESS) {
+        rv = cprng_stream_bytes(cprng, NULL, 0);
     }
 
     cprng_unlock(cprng);
-- 
cgit v1.2.1