diff options
author | Rich Salz <rsalz@openssl.org> | 2017-08-06 18:12:28 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-08-07 08:30:28 -0400 |
commit | a35f607c9f9112c649b367d05639394fc1c30771 (patch) | |
tree | c27b67822ed2816005cae84502c5b5e2ae6aee14 /crypto/rand/rand_lcl.h | |
parent | 99801878c09404e45d8176739d3a555c41b77d0b (diff) |
Make RAND_DRBG fork-safe
Use atfork to count child forks, and reseed DRBG when the counts don't
match.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4101)
Diffstat (limited to 'crypto/rand/rand_lcl.h')
-rw-r--r-- | crypto/rand/rand_lcl.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index 5c7087c977..c96625456d 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -88,6 +88,7 @@ struct rand_drbg_st { CRYPTO_RWLOCK *lock; RAND_DRBG *parent; int nid; /* the underlying algorithm */ + int fork_count; unsigned short flags; /* various external flags */ unsigned short filled; /* @@ -127,6 +128,9 @@ extern RAND_BYTES_BUFFER rand_bytes; extern RAND_DRBG rand_drbg; extern RAND_DRBG priv_drbg; +/* How often we've forked (only incremented in child). */ +extern int rand_fork_count; + /* Hardware-based seeding functions. */ void rand_read_tsc(RAND_poll_fn cb, void *arg); int rand_read_cpu(RAND_poll_fn cb, void *arg); |