Question regarding lock of the master drbg during the fork

[Сергей Юнаковский]

Hello,
I have a question regarding the usage of the master DRBG during the fork
operation. As far as I understand from the source code and articles, during
the fork the library will perform the lock of the master DRBG to obtain the
entropy for public and private DRBG.
However, the library does not perform the check of the lock state itself
and it is unclear for me, what will happen if the master DRBG is locked
during the creation of the fork process.

Additionally, what was the purpose of such complicated scheme for DRBGs
except for NIST requirements?  Is it possible to solve fork problem without
implementing the chain of DRBGs?

Can you please help with this?

Articles:
https://www.openssl.org/docs/man1.1.1/man7/RAND_DRBG.html
http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/
https://wiki.openssl.org/index.php/Random_fork-safety

Here is the code from the rand_lib.c:
rand_drbg_lock(drbg->parent);
if (RAND_DRBG_generate(drbg->parent,
buffer, bytes_needed,
prediction_resistance,
NULL, 0) != 0)
bytes = bytes_needed;
drbg->reseed_next_counter
= tsan_load(&drbg->parent->reseed_prop_counter);
rand_drbg_unlock(drbg->parent);
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190828/ed4a0849/attachment.html>