diff options
| author | Yann Ylavic <ylavic@apache.org> | 2018-06-28 12:14:35 +0000 |
|---|---|---|
| committer | Yann Ylavic <ylavic@apache.org> | 2018-06-28 12:14:35 +0000 |
| commit | 86568290f10fd902773eda3f6e7a19294978e057 (patch) | |
| tree | 67a2be4e09c8196d626b89bb7d18846feaa710f6 /threadproc | |
| parent | cbe1e9f6a35e08d5873448ed972c82f27cc68a85 (diff) | |
| download | apr-86568290f10fd902773eda3f6e7a19294978e057.tar.gz | |
apr_crypto: follow up to r1833359: better cprng_stream_bytes() semantics.
Make cprng_stream_ctx_bytes() rekey in any case, this is exactly what we need
both when generating pooled random bytes and when handling fork() the parent
and child key should not leak to each other.
There is no use case for a keystream without setting the key first and burning
it afterward, and there shouldn't be.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1834600 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'threadproc')
| -rw-r--r-- | threadproc/unix/proc.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/threadproc/unix/proc.c b/threadproc/unix/proc.c index 950405c09..ed7a05fda 100644 --- a/threadproc/unix/proc.c +++ b/threadproc/unix/proc.c @@ -238,7 +238,7 @@ APR_DECLARE(apr_status_t) apr_proc_fork(apr_proc_t *proc, apr_pool_t *pool) /* Do the work needed for children PRNG(s). */ #if APU_HAVE_CRYPTO_PRNG - apr_crypto_prng_after_fork(NULL, 1); + apr_crypto_prng_after_fork(NULL, APR_CRYPTO_FORK_INCHILD); #endif apr_random_after_fork(proc); @@ -249,7 +249,7 @@ APR_DECLARE(apr_status_t) apr_proc_fork(apr_proc_t *proc, apr_pool_t *pool) /* Do the work needed for parent PRNG(s). */ #if APU_HAVE_CRYPTO_PRNG - apr_crypto_prng_after_fork(NULL, 0); + apr_crypto_prng_after_fork(NULL, APR_CRYPTO_FORK_INPARENT); #endif return APR_INPARENT; |