mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
a218770d4d
openssl/crypto/include/internal
History
Dr. Matthias St. Pierre 849529257c drbg: ensure fork-safety without using a pthread_atfork handler 
When the new OpenSSL CSPRNG was introduced in version 1.1.1,
it was announced in the release notes that it would be fork-safe,
which the old CSPRNG hadn't been.

The fork-safety was implemented using a fork count, which was
incremented by a pthread_atfork handler. Initially, this handler
was enabled by default. Unfortunately, the default behaviour
had to be changed for other reasons in commit b5319bdbd0, so
the new OpenSSL CSPRNG failed to keep its promise.

This commit restores the fork-safety using a different approach.
It replaces the fork count by a fork id, which coincides with
the process id on UNIX-like operating systems and is zero on other
operating systems. It is used to detect when an automatic reseed
after a fork is necessary.

To prevent a future regression, it also adds a test to verify that
the child reseeds after fork.

CVE-2019-1549

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9832)
2019-09-11 11:22:18 +02:00
..
__DECC_INCLUDE_EPILOGUE.H
__DECC_INCLUDE_PROLOGUE.H
aria.h
asn1_dsa.h Convert asn1_dsa.c to use the WPACKET API instead 2019-07-12 06:26:46 +10:00
asn1_int.h Add evp_keymgmt_export_to_provider(), for key transfer between providers 2019-07-22 06:18:58 +02:00
async.h Convert thread stop handling into a publish/subscribe model 2019-06-17 15:32:54 +01:00
bn_conf.h.in
bn_dh.h
bn_int.h Make the EC code available from inside the FIPS provider 2019-08-06 11:19:07 +01:00
bn_srp.h
chacha.h Remove tab characters from C source files. 2019-07-16 20:24:10 +10:00
ciphermode_platform.h Remove extern declarations of OPENSSL_ia32cap_P 2019-09-01 15:41:58 +02:00
cms_int.h CAdES : lowercase name for now internal methods. 2019-07-31 19:14:12 +10:00
cryptlib_int.h prevent endless recursion when trace API is used within OPENSSL_init_crypto() 2019-08-20 11:16:41 +08:00
ctype.h Add missing EBCDIC strings 2019-08-14 10:41:41 +01:00
dso_conf.h.in
ec_int.h
engine.h
err_int.h Convert thread stop handling into a publish/subscribe model 2019-06-17 15:32:54 +01:00
ess_int.h CAdES : lowercase name for now internal methods. 2019-07-31 19:14:12 +10:00
evp_int.h Move EVP_PKEY algorithm implementations into a union 2019-09-09 14:00:00 +01:00
lhash.h
md32_common.h
modes_int.h Adapt diverse code to provider based MACs. 2019-08-15 22:12:25 +02:00
objects.h
poly1305.h
rand_int.h drbg: ensure fork-safety without using a pthread_atfork handler 2019-09-11 11:22:18 +02:00
sha.h Move digests to providers 2019-06-04 12:09:50 +10:00
siphash.h
siv_int.h Add Common shared code needed to move aes ciphers to providers 2019-07-16 09:46:14 +10:00
sm2.h
sm2err.h Regenerate mkerr files 2019-07-16 05:26:28 +02:00
sm4.h
sparse_array.h Add sparse array of const pointer type 2019-06-01 17:55:33 +10:00
store_int.h
store.h
x509_int.h Rename X509_STORE ptr stored in opaque struct X509_STORE_CTX 2019-07-31 20:56:34 +10:00