git.librecmc.org Git - oweals/openssl.git/commit

author	Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
	Mon, 27 May 2019 19:03:09 +0000 (21:03 +0200)
committer	Matt Caswell <matt@openssl.org>
	Mon, 9 Sep 2019 16:09:06 +0000 (17:09 +0100)
commit	1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be
tree	0399afc3d5177081e45e6fff1b7d92a9473ddeaf	tree \| snapshot
parent	73a683b742b344072e36aab173493f5101992c30	commit \| diff

drbg: ensure fork-safety without using a pthread_atfork handler

When the new OpenSSL CSPRNG was introduced in version 1.1.1,
it was announced in the release notes that it would be fork-safe,
which the old CSPRNG hadn't been.

The fork-safety was implemented using a fork count, which was
incremented by a pthread_atfork handler. Initially, this handler
was enabled by default. Unfortunately, the default behaviour
had to be changed for other reasons in commit b5319bdbd095, so
the new OpenSSL CSPRNG failed to keep its promise.

This commit restores the fork-safety using a different approach.
It replaces the fork count by a fork id, which coincides with
the process id on UNIX-like operating systems and is zero on other
operating systems. It is used to detect when an automatic reseed
after a fork is necessary.

To prevent a future regression, it also adds a test to verify that
the child reseeds after fork.

CVE-2019-1549

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9802)

crypto/include/internal/rand_int.h		diff \| blob \| history
crypto/init.c		diff \| blob \| history
crypto/rand/drbg_lib.c		diff \| blob \| history
crypto/rand/rand_lcl.h		diff \| blob \| history
crypto/rand/rand_lib.c		diff \| blob \| history
crypto/threads_none.c		diff \| blob \| history
crypto/threads_pthread.c		diff \| blob \| history
crypto/threads_win.c		diff \| blob \| history
include/internal/cryptlib.h		diff \| blob \| history
test/drbgtest.c		diff \| blob \| history