Cryptographic Pseudo Random Number Generator (CPRNG).

New apr_crypto_prng API and apr_crypto[_thread]_random_bytes() functions.

Allows to generate cryptographically secure random bytes indefinitely
given an initial seed of APR_CRYPTO_PRNG_SEED_SIZE bytes (32), which
is either provided by the caller or automatically gathered from the system.
The CPRNG can also be re-seeded at any time, or after a process is fork()ed.

The internal key is renewed every APR_CRYPTO_PRNG_SEED_SIZE random
bytes produced and those data once returned to the caller are cleared from
the internal state, which ensures forward secrecy.

This CPRNG is fast, based on a stream cipher, and will never block besides
the initial seed or any reseed if it depends on the system entropy.

Finally, it can be used either globally (locked in multithread environment),
per-thread (a lock free instance is automatically created for each thread on
first use), or created as standalone instance (manageable independently).


For now it's only implemented with the OpenSSL library as underlying crypto,
that is --with-crypto --with-openssl needs to be configured, and the latter
links libcrypto with APR.



git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1833359 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 1 insertions, 0 deletions

diff --git a/include/apr.h.in b/include/apr.h.in
index ea936158a..2cdb555e4 100644
--- a/include/apr.h.in
+++ b/include/apr.h.in
@@ -683,6 +683,7 @@ typedef int apr_wait_t;
 #define APU_HAVE_ODBC          @apu_have_odbc@
 
 #define APU_HAVE_CRYPTO        @apu_have_crypto@
+#define APU_HAVE_CRYPTO_PRNG   @apu_have_crypto_prng@
 #define APU_HAVE_OPENSSL       @apu_have_openssl@
 #define APU_HAVE_NSS           @apu_have_nss@
 #define APU_HAVE_COMMONCRYPTO  @apu_have_commoncrypto@