openssl/include/internal
Dr. Matthias St. Pierre 849529257c drbg: ensure fork-safety without using a pthread_atfork handler
When the new OpenSSL CSPRNG was introduced in version 1.1.1,
it was announced in the release notes that it would be fork-safe,
which the old CSPRNG hadn't been.

The fork-safety was implemented using a fork count, which was
incremented by a pthread_atfork handler. Initially, this handler
was enabled by default. Unfortunately, the default behaviour
had to be changed for other reasons in commit b5319bdbd0, so
the new OpenSSL CSPRNG failed to keep its promise.

This commit restores the fork-safety using a different approach.
It replaces the fork count by a fork id, which coincides with
the process id on UNIX-like operating systems and is zero on other
operating systems. It is used to detect when an automatic reseed
after a fork is necessary.

To prevent a future regression, it also adds a test to verify that
the child reseeds after fork.

CVE-2019-1549

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9832)
2019-09-11 11:22:18 +02:00
..
__DECC_INCLUDE_EPILOGUE.H
__DECC_INCLUDE_PROLOGUE.H
bio.h
comp.h
conf.h
constant_time_locl.h Add value_barriers in constant time select functions 2019-07-18 15:55:19 +02:00
core.h Modify ossl_method_store_add() to accept an OSSL_PROVIDER and check for it 2019-08-22 01:50:30 +02:00
cryptlib.h drbg: ensure fork-safety without using a pthread_atfork handler 2019-09-11 11:22:18 +02:00
dane.h
dso.h
dsoerr.h Regenerate mkerr files 2019-07-16 05:26:28 +02:00
err.h
ktls.h Linux ktls sendfile 2019-05-07 14:24:16 +01:00
md5_sha1.h Move digests to providers 2019-06-04 12:09:50 +10:00
namemap.h Replumbing: add support for multiple names per algorithm 2019-06-24 10:58:13 +02:00
nelem.h
numbers.h Remove tab characters from C source files. 2019-07-16 20:24:10 +10:00
o_dir.h
packet.h Give WPACKET the ability to have a NULL buffer underneath it 2019-07-12 06:26:46 +10:00
param_build.h Fix ossl_param_bld_push_{utf8,octet}_string() / param_bld_convert() 2019-08-21 11:18:58 +02:00
property.h Make sure we pre-initialise properties 2019-08-29 10:50:47 +01:00
propertyerr.h Regenerate mkerr files 2019-07-16 05:26:28 +02:00
provider.h Prepare EVP_MAC infrastructure for moving all MACs to providers 2019-08-15 22:12:25 +02:00
refcount.h fix --strict-warnings build 2019-04-07 13:30:26 +02:00
sha3.h Move digests to providers 2019-06-04 12:09:50 +10:00
sm3.h Move digests to providers 2019-06-04 12:09:50 +10:00
sockets.h
sslconf.h
symhacks.h Rename provider and core get_param_types functions 2019-08-15 11:58:25 +02:00
thread_once.h Prevent the use of RUN_ONCE inside the FIPS module 2019-07-04 17:11:07 +01:00
tsan_assist.h Fix Typos 2019-07-02 14:22:29 +02:00