Blob Blame History Raw
diff -up openssl-1.1.1c/crypto/fips/fips.c.fork-safety openssl-1.1.1c/crypto/fips/fips.c
--- openssl-1.1.1c/crypto/fips/fips.c.fork-safety	2019-11-20 11:36:22.343506961 +0100
+++ openssl-1.1.1c/crypto/fips/fips.c	2019-11-21 17:44:32.920776849 +0100
@@ -472,7 +472,7 @@ int FIPS_module_mode_set(int onoff)
 
         fips_set_mode(onoff);
         /* force RNG reseed with entropy from getrandom() on next call */
-        rand_fork();
+        rand_force_reseed();
 
         ret = 1;
         goto end;
diff -up openssl-1.1.1c/crypto/include/internal/rand_int.h.fork-safety openssl-1.1.1c/crypto/include/internal/rand_int.h
--- openssl-1.1.1c/crypto/include/internal/rand_int.h.fork-safety	2019-11-20 11:36:22.382506277 +0100
+++ openssl-1.1.1c/crypto/include/internal/rand_int.h	2019-11-21 17:45:42.102456672 +0100
@@ -24,9 +24,9 @@
 typedef struct rand_pool_st RAND_POOL;
 
 void rand_cleanup_int(void);
+void rand_force_reseed(void);
 void rand_drbg_cleanup_int(void);
 void drbg_delete_thread_state(void);
-void rand_fork(void);
 
 /* Hardware-based seeding functions. */
 size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
diff -up openssl-1.1.1c/crypto/init.c.fork-safety openssl-1.1.1c/crypto/init.c
--- openssl-1.1.1c/crypto/init.c.fork-safety	2019-05-28 15:12:21.000000000 +0200
+++ openssl-1.1.1c/crypto/init.c	2019-11-21 17:34:13.478597398 +0100
@@ -847,6 +847,5 @@ void OPENSSL_fork_parent(void)
 
 void OPENSSL_fork_child(void)
 {
-    rand_fork();
 }
 #endif
diff -up openssl-1.1.1c/crypto/rand/drbg_lib.c.fork-safety openssl-1.1.1c/crypto/rand/drbg_lib.c
--- openssl-1.1.1c/crypto/rand/drbg_lib.c.fork-safety	2019-11-20 11:36:22.383506260 +0100
+++ openssl-1.1.1c/crypto/rand/drbg_lib.c	2019-11-21 17:46:37.583397431 +0100
@@ -197,7 +197,7 @@ static RAND_DRBG *rand_drbg_new(int secu
     }
 
     drbg->secure = secure && CRYPTO_secure_allocated(drbg);
-    drbg->fork_count = rand_fork_count;
+    drbg->fork_id = openssl_get_fork_id();
     drbg->parent = parent;
 
     if (parent == NULL) {
@@ -583,6 +583,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg,
                        int prediction_resistance,
                        const unsigned char *adin, size_t adinlen)
 {
+    int fork_id;
     int reseed_required = 0;
 
     if (drbg->state != DRBG_READY) {
@@ -608,8 +609,10 @@ int RAND_DRBG_generate(RAND_DRBG *drbg,
         return 0;
     }
 
-    if (drbg->fork_count != rand_fork_count) {
-        drbg->fork_count = rand_fork_count;
+    fork_id = openssl_get_fork_id();
+
+    if (drbg->fork_id != fork_id) {
+        drbg->fork_id = fork_id;
         reseed_required = 1;
     }
 
@@ -1011,6 +1014,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
     return min_entropy > min_entropylen ? min_entropy : min_entropylen;
 }
 
+void rand_force_reseed(void)
+{
+    RAND_DRBG *drbg;
+
+    drbg = RAND_DRBG_get0_master();
+    drbg->fork_id = 0;
+
+    drbg = RAND_DRBG_get0_private();
+    drbg->fork_id = 0;
+
+    drbg = RAND_DRBG_get0_public();
+    drbg->fork_id = 0;
+}
+
 /* Implements the default OpenSSL RAND_add() method */
 static int drbg_add(const void *buf, int num, double randomness)
 {
diff -up openssl-1.1.1c/crypto/rand/rand_lcl.h.fork-safety openssl-1.1.1c/crypto/rand/rand_lcl.h
--- openssl-1.1.1c/crypto/rand/rand_lcl.h.fork-safety	2019-11-20 11:36:22.383506260 +0100
+++ openssl-1.1.1c/crypto/rand/rand_lcl.h	2019-11-21 17:34:13.485597265 +0100
@@ -176,12 +176,12 @@ struct rand_drbg_st {
     int secure; /* 1: allocated on the secure heap, 0: otherwise */
     int type; /* the nid of the underlying algorithm */
     /*
-     * Stores the value of the rand_fork_count global as of when we last
-     * reseeded.  The DRBG reseeds automatically whenever drbg->fork_count !=
-     * rand_fork_count.  Used to provide fork-safety and reseed this DRBG in
-     * the child process.
+     * Stores the return value of openssl_get_fork_id() as of when we last
+     * reseeded.  The DRBG reseeds automatically whenever drbg->fork_id !=
+     * openssl_get_fork_id().  Used to provide fork-safety and reseed this
+     * DRBG in the child process.
      */
-    int fork_count;
+    int fork_id;
     unsigned short flags; /* various external flags */
 
     /*
@@ -273,19 +273,6 @@ struct rand_drbg_st {
 /* The global RAND method, and the global buffer and DRBG instance. */
 extern RAND_METHOD rand_meth;
 
-/*
- * A "generation count" of forks.  Incremented in the child process after a
- * fork.  Since rand_fork_count is increment-only, and only ever written to in
- * the child process of the fork, which is guaranteed to be single-threaded, no
- * locking is needed for normal (read) accesses; the rest of pthread fork
- * processing is assumed to introduce the necessary memory barriers.  Sibling
- * children of a given parent will produce duplicate values, but this is not
- * problematic because the reseeding process pulls input from the system CSPRNG
- * and/or other global sources, so the siblings will end up generating
- * different output streams.
- */
-extern int rand_fork_count;
-
 /* DRBG helpers */
 int rand_drbg_restart(RAND_DRBG *drbg,
                       const unsigned char *buffer, size_t len, size_t entropy);
diff -up openssl-1.1.1c/crypto/rand/rand_lib.c.fork-safety openssl-1.1.1c/crypto/rand/rand_lib.c
--- openssl-1.1.1c/crypto/rand/rand_lib.c.fork-safety	2019-11-20 11:36:22.374506418 +0100
+++ openssl-1.1.1c/crypto/rand/rand_lib.c	2019-11-21 17:34:13.487597227 +0100
@@ -30,8 +30,6 @@ static CRYPTO_RWLOCK *rand_meth_lock;
 static const RAND_METHOD *default_RAND_meth;
 static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT;
 
-int rand_fork_count;
-
 static CRYPTO_RWLOCK *rand_nonce_lock;
 static int rand_nonce_count;
 
@@ -303,11 +301,6 @@ void rand_drbg_cleanup_additional_data(R
     rand_pool_reattach(pool, out);
 }
 
-void rand_fork(void)
-{
-    rand_fork_count++;
-}
-
 DEFINE_RUN_ONCE_STATIC(do_rand_init)
 {
 #ifndef OPENSSL_NO_ENGINE
diff -up openssl-1.1.1c/crypto/threads_none.c.fork-safety openssl-1.1.1c/crypto/threads_none.c
--- openssl-1.1.1c/crypto/threads_none.c.fork-safety	2019-05-28 15:12:21.000000000 +0200
+++ openssl-1.1.1c/crypto/threads_none.c	2019-11-21 17:34:13.489597189 +0100
@@ -12,6 +12,11 @@
 
 #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
 
+# if defined(OPENSSL_SYS_UNIX)
+#  include <sys/types.h>
+#  include <unistd.h>
+# endif
+
 CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
 {
     CRYPTO_RWLOCK *lock;
@@ -133,4 +138,12 @@ int openssl_init_fork_handlers(void)
     return 0;
 }
 
+int openssl_get_fork_id(void)
+{
+# if defined(OPENSSL_SYS_UNIX)
+    return getpid();
+# else
+    return 0;
+# endif
+}
 #endif
diff -up openssl-1.1.1c/crypto/threads_pthread.c.fork-safety openssl-1.1.1c/crypto/threads_pthread.c
--- openssl-1.1.1c/crypto/threads_pthread.c.fork-safety	2019-05-28 15:12:21.000000000 +0200
+++ openssl-1.1.1c/crypto/threads_pthread.c	2019-11-21 17:34:13.492597131 +0100
@@ -12,6 +12,11 @@
 
 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS)
 
+# if defined(OPENSSL_SYS_UNIX)
+#  include <sys/types.h>
+#  include <unistd.h>
+#endif
+
 # ifdef PTHREAD_RWLOCK_INITIALIZER
 #  define USE_RWLOCK
 # endif
@@ -193,4 +198,9 @@ int openssl_init_fork_handlers(void)
 # endif
     return 0;
 }
+
+int openssl_get_fork_id(void)
+{
+    return getpid();
+}
 #endif
diff -up openssl-1.1.1c/crypto/threads_win.c.fork-safety openssl-1.1.1c/crypto/threads_win.c
--- openssl-1.1.1c/crypto/threads_win.c.fork-safety	2019-05-28 15:12:21.000000000 +0200
+++ openssl-1.1.1c/crypto/threads_win.c	2019-11-21 17:34:13.495597074 +0100
@@ -164,4 +164,8 @@ int openssl_init_fork_handlers(void)
     return 0;
 }
 
+int openssl_get_fork_id(void)
+{
+    return 0;
+}
 #endif
diff -up openssl-1.1.1c/include/internal/cryptlib.h.fork-safety openssl-1.1.1c/include/internal/cryptlib.h
--- openssl-1.1.1c/include/internal/cryptlib.h.fork-safety	2019-05-28 15:12:21.000000000 +0200
+++ openssl-1.1.1c/include/internal/cryptlib.h	2019-11-21 17:34:13.497597036 +0100
@@ -80,6 +80,7 @@ extern unsigned int OPENSSL_ia32cap_P[];
 void OPENSSL_showfatal(const char *fmta, ...);
 void crypto_cleanup_all_ex_data_int(void);
 int openssl_init_fork_handlers(void);
+int openssl_get_fork_id(void);
 
 char *ossl_safe_getenv(const char *name);
 
diff -up openssl-1.1.1c/test/drbgtest.c.fork-safety openssl-1.1.1c/test/drbgtest.c
--- openssl-1.1.1c/test/drbgtest.c.fork-safety	2019-11-20 11:36:22.384506242 +0100
+++ openssl-1.1.1c/test/drbgtest.c	2019-11-21 17:34:13.499596998 +0100
@@ -22,6 +22,13 @@
 # include <windows.h>
 #endif
 
+
+#if defined(OPENSSL_SYS_UNIX)
+# include <sys/types.h>
+# include <sys/wait.h>
+# include <unistd.h>
+#endif
+
 #include "testutil.h"
 #include "drbgtest.h"
 
@@ -696,6 +703,40 @@ static int test_drbg_reseed(int expect_s
     return 1;
 }
 
+
+#if defined(OPENSSL_SYS_UNIX)
+/*
+ * Test whether master, public and private DRBG are reseeded after
+ * forking the process.
+ */
+static int test_drbg_reseed_after_fork(RAND_DRBG *master,
+                                       RAND_DRBG *public,
+                                       RAND_DRBG *private)
+{
+    pid_t pid;
+    int status=0;
+
+    pid = fork();
+    if (!TEST_int_ge(pid, 0))
+        return 0;
+
+    if (pid > 0) {
+        /* I'm the parent; wait for the child and check its exit code */
+        return TEST_int_eq(waitpid(pid, &status, 0), pid) && TEST_int_eq(status, 0);
+    }
+
+    /* I'm the child; check whether all three DRBGs reseed. */
+    if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1, 0)))
+        status = 1;
+
+    /* Remove hooks  */
+    unhook_drbg(master);
+    unhook_drbg(public);
+    unhook_drbg(private);
+    exit(status);
+}
+#endif
+
 /*
  * Test whether the default rand_method (RAND_OpenSSL()) is
  * setup correctly, in particular whether reseeding  works
@@ -786,6 +827,10 @@ static int test_rand_drbg_reseed(void)
         goto error;
     reset_drbg_hook_ctx();
 
+#if defined(OPENSSL_SYS_UNIX)
+    if (!TEST_true(test_drbg_reseed_after_fork(master, public, private)))
+        goto error;
+#endif
 
     /* fill 'randomness' buffer with some arbitrary data */
     memset(rand_add_buf, 'r', sizeof(rand_add_buf));