author | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2019-05-30 18:52:39 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-09-09 17:09:06 +0100 |
commit | 5520695c733f7e6577a8b06e5ed3e34aa48df19a | |
tree | 5a87559fa9905c727dfa0a6f43521ea1e01a909a /crypto | |
parent | 1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be | |

drbg: add fork id to additional data on UNIX systems

Provides a little extra fork-safety on UNIX systems, adding to the
fact that all DRBGs reseed automatically when the fork_id changes.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9802)

Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/rand/rand_unix.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 1f608c9565..0cfa4e0625 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -711,15 +711,18 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) int rand_pool_add_additional_data(RAND_POOL *pool) { struct { + int fork_id; CRYPTO_THREAD_ID tid; uint64_t time; } data = { 0 }; /* * Add some noise from the thread id and a high resolution timer. + * The fork_id adds some extra fork-safety. * The thread id adds a little randomness if the drbg is accessed * concurrently (which is the case for the <master> drbg). */ + data.fork_id = openssl_get_fork_id(); data.tid = CRYPTO_THREAD_get_current_id(); data.time = get_timer_bits(); |
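
Review bot: In the struct at the top of rand_pool_add_additional_data(), putting `int fork_id;` ahead of `CRYPTO_THREAD_ID tid;` and `uint64_t time;` can leave alignment padding after the new member on platforms where the next member needs wider alignment than `int`, and `= { 0 }` is not guaranteed to clear padding bytes. If the struct is later handed to the pool as a raw byte range (that call is outside the visible lines), those bytes are indeterminate; this does not weaken the additional input, but it can trip memory checkers, so consider clearing the struct with memset before assigning the fields. Two smaller points: the comment's opening sentence still reads "Add some noise from the thread id and a high resolution timer." and could name the fork id too, and the declared type `int` should be checked against what openssl_get_fork_id() returns, since its prototype is not shown in this hunk.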