Make RAND_DRBG fork-safe

Use atfork to count child forks, and reseed DRBG when the counts don't match. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4101)
author: Rich Salz <rsalz@openssl.org> 2017-08-06 18:12:28 -0400
committer: Rich Salz <rsalz@openssl.org> 2017-08-07 08:30:28 -0400
commit: a35f607c9f9112c649b367d05639394fc1c30771 (patch)
tree: c27b67822ed2816005cae84502c5b5e2ae6aee14 /crypto/rand/rand_lcl.h
parent: 99801878c09404e45d8176739d3a555c41b77d0b (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index 5c7087c977..c96625456d 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -88,6 +88,7 @@ struct rand_drbg_st {
     CRYPTO_RWLOCK *lock;
     RAND_DRBG *parent;
     int nid; /* the underlying algorithm */
+    int fork_count;
     unsigned short flags; /* various external flags */
     unsigned short filled;
     /*
@@ -127,6 +128,9 @@ extern RAND_BYTES_BUFFER rand_bytes;
 extern RAND_DRBG rand_drbg;
 extern RAND_DRBG priv_drbg;
 
+/* How often we've forked (only incremented in child). */
+extern int rand_fork_count;
+
 /* Hardware-based seeding functions. */
 void rand_read_tsc(RAND_poll_fn cb, void *arg);
 int rand_read_cpu(RAND_poll_fn cb, void *arg);
author	Rich Salz <rsalz@openssl.org>	2017-08-06 18:12:28 -0400
committer	Rich Salz <rsalz@openssl.org>	2017-08-07 08:30:28 -0400
commit	a35f607c9f9112c649b367d05639394fc1c30771 (patch)
tree	c27b67822ed2816005cae84502c5b5e2ae6aee14 /crypto/rand/rand_lcl.h
parent	99801878c09404e45d8176739d3a555c41b77d0b (diff)