mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

drbg: add fork id to additional data on UNIX systems

Browse Source 
Provides a little extra fork-safety on UNIX systems, adding to the
fact that all DRBGs reseed automatically when the fork_id changes.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9832)
This commit is contained in:
Dr. Matthias St. Pierre 2019-05-30 18:52:39 +02:00
parent 849529257c
commit 5562dbb39c
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
crypto/rand/rand_unix.c
View File

@ -704,6 +704,7 @@ int rand_pool_add_nonce_data(RAND_POOL *pool)
int rand_pool_add_additional_data(RAND_POOL *pool)
{
struct {
int fork_id;
CRYPTO_THREAD_ID tid;
uint64_t time;
} data;
@ -713,9 +714,11 @@ int rand_pool_add_additional_data(RAND_POOL *pool)
/*
* Add some noise from the thread id and a high resolution timer.
* The fork_id adds some extra fork-safety.
* The thread id adds a little randomness if the drbg is accessed
* concurrently (which is the case for the <master> drbg).
*/
data.fork_id = openssl_get_fork_id();
data.tid = CRYPTO_THREAD_get_current_id();
data.time = get_timer_bits();