Question regarding lock of the master drbg during the fork

Сергей Юнаковский lein360 at gmail.com
Wed Aug 28 08:51:22 UTC 2019


Hello,
I have a question regarding the usage of the master DRBG during the fork
operation. As far as I understand from the source code and articles, during
the fork the library will perform the lock of the master DRBG to obtain the
entropy for public and private DRBG.
However, the library does not perform the check of the lock state itself
and it is unclear for me, what will happen if the master DRBG is locked
during the creation of the fork process.

Additionally, what was the purpose of such complicated scheme for DRBGs
except for NIST requirements?  Is it possible to solve fork problem without
implementing the chain of DRBGs?

Can you please help with this?

Articles:
https://www.openssl.org/docs/man1.1.1/man7/RAND_DRBG.html
http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/
https://wiki.openssl.org/index.php/Random_fork-safety

Here is the code from the rand_lib.c:
rand_drbg_lock(drbg->parent);
if (RAND_DRBG_generate(drbg->parent,
buffer, bytes_needed,
prediction_resistance,
NULL, 0) != 0)
bytes = bytes_needed;
drbg->reseed_next_counter
= tsan_load(&drbg->parent->reseed_prop_counter);
rand_drbg_unlock(drbg->parent);
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190828/ed4a0849/attachment.html>


More information about the openssl-users mailing list