only call: ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");

once at startup.  if there is value in calling it more than once at
startup, it should be done explicitly rather than hidden in
ssl_tmp_keys_init().

switch to ptemp pool when calling ssl_rand_seed() at startup.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93893 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 6db4aada5a54945217e707c54ab017fda16cc01a..8a8ab0acd3fea391afd6bd2b885fb24f081ad63a 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -178,11 +178,8 @@ static void ssl_tmp_key_init_dh(server_rec *s,
 #define MODSSL_TMP_KEY_INIT_DH(s, bits) \
     ssl_tmp_key_init_dh(s, bits, SSL_TMP_KEY_DH_##bits)
 
-static void ssl_tmp_keys_init(server_rec *s, apr_pool_t *p)
+static void ssl_tmp_keys_init(server_rec *s)
 {
-    /* seed PRNG */
-    ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
-
     ssl_log(s, SSL_LOG_INFO,
             "Init: Generating temporary RSA private keys (512/1024 bits)");
 
@@ -264,8 +261,16 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
     ssl_util_thread_setup(base_server, p);
 #endif
 
+    /*
+     * Seed the Pseudo Random Number Generator (PRNG)
+     * only need ptemp here; nothing inside allocated from the pool
+     * needs to live once we return from ssl_rand_seed().
+     */
+    ssl_rand_seed(base_server, ptemp, SSL_RSCTX_STARTUP, "Init: ");
+
     ssl_pphrase_Handle(base_server, p);
-    ssl_tmp_keys_init(base_server, p);
+
+    ssl_tmp_keys_init(base_server);
 
     /*
      * SSL external crypto device ("engine") support
@@ -297,11 +302,6 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
      */
     ssl_scache_init(base_server, p);
 
-    /*
-     * Seed the Pseudo Random Number Generator (PRNG)
-     */
-    ssl_rand_seed(base_server, p, SSL_RSCTX_STARTUP, "Init: ");
-
     /*
      *  initialize servers
      */