From f2633200eb223f9fe7453de24ecd2e4f657040d9 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Mon, 7 Aug 2017 09:55:48 -0500 Subject: [PATCH] Document RAND_DRBG fork-safety locking model Add some more exposition on why unlocked access to the global rand_fork_count is safe, and provide a comment for the struct rand_drbg_st fork_count field. Reviewed-by: Matt Caswell Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/4110) --- crypto/rand/rand_lcl.h | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index 60c42f7ad5..0a34aa0b93 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -116,6 +116,12 @@ struct rand_drbg_st { RAND_DRBG *parent; int secure; /* 1: allocated on the secure heap, 0: otherwise */ int type; /* the nid of the underlying algorithm */ + /* + * Stores the value of the rand_fork_count global as of when we last + * reseeded. The DRG reseeds automatically whenever drbg->fork_count != + * rand_fork_count. Used to provide fork-safety and reseed this DRBG in + * the child process. + */ int fork_count; unsigned short flags; /* various external flags */ @@ -202,7 +208,17 @@ struct rand_drbg_st { /* The global RAND method, and the global buffer and DRBG instance. */ extern RAND_METHOD rand_meth; -/* How often we've forked (only incremented in child). */ +/* + * A "generation count" of forks. Incremented in the child process after a + * fork. Since rand_fork_count is increment-only, and only ever written to in + * the child process of the fork, which is guaranteed to be single-threaded, no + * locking is needed for normal (read) accesses; the rest of pthread fork + * processing is assumed to introduce the necessary memory barriers. Sibling + * children of a given parent will produce duplicate values, but this is not + * problematic because the reseeding process pulls input from the system CSPRNG + * and/or other global sources, so the siblings will end up generating + * different output streams. + */ extern int rand_fork_count; /* DRBG helpers */ -- 2.34.1