only call: ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");

once at startup. if there is value in calling it more than once at startup, it should be done explicitly rather than hidden in ssl_tmp_keys_init(). switch to ptemp pool when calling ssl_rand_seed() at startup. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93893 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2002-03-13 04:38:35 +00:00
parent ab91c2a588
commit 22b44bf05c
1 changed files with 10 additions and 10 deletions
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -178,11 +178,8 @@ static void ssl_tmp_key_init_dh(server_rec *s,
 #define MODSSL_TMP_KEY_INIT_DH(s, bits) \
    ssl_tmp_key_init_dh(s, bits, SSL_TMP_KEY_DH_##bits)

-static void ssl_tmp_keys_init(server_rec *s, apr_pool_t *p)
+static void ssl_tmp_keys_init(server_rec *s)
 {
-    /* seed PRNG */
-    ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
-
    ssl_log(s, SSL_LOG_INFO,
            "Init: Generating temporary RSA private keys (512/1024 bits)");

@@ -264,8 +261,16 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
    ssl_util_thread_setup(base_server, p);
 #endif

+    /*
+     * Seed the Pseudo Random Number Generator (PRNG)
+     * only need ptemp here; nothing inside allocated from the pool
+     * needs to live once we return from ssl_rand_seed().
+     */
+    ssl_rand_seed(base_server, ptemp, SSL_RSCTX_STARTUP, "Init: ");
+
    ssl_pphrase_Handle(base_server, p);
-    ssl_tmp_keys_init(base_server, p);
+
+    ssl_tmp_keys_init(base_server);

    /*
     * SSL external crypto device ("engine") support
@@ -297,11 +302,6 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
     */
    ssl_scache_init(base_server, p);

-    /*
-     * Seed the Pseudo Random Number Generator (PRNG)
-     */
-    ssl_rand_seed(base_server, p, SSL_RSCTX_STARTUP, "Init: ");
-
    /*
     *  initialize servers
     */