On 12 Jun 2018, at 12:06 AM, yla...@apache.org wrote: > Author: ylavic > Date: Mon Jun 11 22:06:09 2018 > New Revision: 1833359 > > URL: http://svn.apache.org/viewvc?rev=1833359&view=rev > Log: > Cryptographic Pseudo Random Number Generator (CPRNG). > > New apr_crypto_prng API and apr_crypto[_thread]_random_bytes() functions.
> Added: apr/apr/trunk/crypto/apr_crypto_prng.c > + EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL); > + EVP_CIPHER_CTX_set_padding(ctx, 0); > + > + memset(key, 0, APR_CRYPTO_PRNG_KEY_SIZE); > + EVP_EncryptUpdate(ctx, key, &len, key, APR_CRYPTO_PRNG_KEY_SIZE); > + EVP_EncryptUpdate(ctx, to, &len, z, n); > + > + return APR_SUCCESS; > +} > + > +#else /* APU_HAVE_OPENSSL */ > + > +/* XXX: APU_HAVE_CRYPTO_PRNG shoudn't be defined! */ > +#error apr_crypto_prng implemented with OpenSSL only for now The layout of the code goes against the established structure of the apr_crypto API, all of this openssl specific code should go into crypto/apr_crypto_openssl.c. We shouldn’t be ignoring the caller’s choice of crypto library and then hard coding these calls to openssl, especially on platforms like Linux where openssl might be installed by default. Platforms like MacOS where openssl is deprecated would also be a problem. The apr_crypto_block_encrypt_init / apr_crypto_block_encrypt / apr_crypto_block_encrypt_finish functions already implement the above for you, so they could be used instead. Alternatively add the apr_crypto_prng_* functions to the drivers, with APR_ENOTIMPL for NSS and CommonCrypto until the time comes where they are supported. The tests keep segfaulting for me in apr-trunk and apr-util v1.7, I think this code needs more tuning to get it right before it’s backported to apr_util v1.7. Regards, Graham —
