[openssl-commits] [openssl] master update

kaduk at mit.edu kaduk at mit.edu
Thu Mar 29 14:06:55 UTC 2018 

The branch master has been updated
       via  f2633200eb223f9fe7453de24ecd2e4f657040d9 (commit)
      from  fffb1c5496e47dacc8245bd140f6955a31c5ea6f (commit)


- Log -----------------------------------------------------------------
commit f2633200eb223f9fe7453de24ecd2e4f657040d9
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date:   Mon Aug 7 09:55:48 2017 -0500

    Document RAND_DRBG fork-safety locking model
    
    Add some more exposition on why unlocked access to the global rand_fork_count
    is safe, and provide a comment for the struct rand_drbg_st fork_count field.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/4110)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rand/rand_lcl.h | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index 60c42f7..0a34aa0 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -116,6 +116,12 @@ struct rand_drbg_st {
     RAND_DRBG *parent;
     int secure; /* 1: allocated on the secure heap, 0: otherwise */
     int type; /* the nid of the underlying algorithm */
+    /*
+     * Stores the value of the rand_fork_count global as of when we last
+     * reseeded.  The DRG reseeds automatically whenever drbg->fork_count !=
+     * rand_fork_count.  Used to provide fork-safety and reseed this DRBG in
+     * the child process.
+     */
     int fork_count;
     unsigned short flags; /* various external flags */
 
@@ -202,7 +208,17 @@ struct rand_drbg_st {
 /* The global RAND method, and the global buffer and DRBG instance. */
 extern RAND_METHOD rand_meth;
 
-/* How often we've forked (only incremented in child). */
+/*
+ * A "generation count" of forks.  Incremented in the child process after a
+ * fork.  Since rand_fork_count is increment-only, and only ever written to in
+ * the child process of the fork, which is guaranteed to be single-threaded, no
+ * locking is needed for normal (read) accesses; the rest of pthread fork
+ * processing is assumed to introduce the necessary memory barriers.  Sibling
+ * children of a given parent will produce duplicate values, but this is not
+ * problematic because the reseeding process pulls input from the system CSPRNG
+ * and/or other global sources, so the siblings will end up generating
+ * different output streams.
+ */
 extern int rand_fork_count;
 
 /* DRBG helpers */

More information about the openssl-commits mailing list