author | David Benjamin <davidben@google.com> | 2023-01-08 18:49:42 -0800 |
---|---|---|
committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2023-05-16 21:55:13 +0000 |
commit | dd5219451c3ce26221762a15d867edf43b463bb2 (patch) | |
tree | 2e445a0c1919b0e27e3d38361841b83b935d0f21 /src/crypto/fipsmodule/ec | |
parent | 2eaf07075ac15491c35e1ba1e836797fa81eb96b (diff) | |
Fix RAND_enable_fork_unsafe_buffering when called after fork

If a process calls fork(), then the child process never forks again, the
child may wish to call RAND_enable_fork_unsafe_buffering(). However,
doing so exposes a bug: we assume that, if the flag is set, we don't
need to worry about fork-safety. But it is possible that the PRNG state
was cloned from another process which does not work.

Concretely, consider a zygote process, e.g. Chromium's. A zygote process
would retain fork-safety, but pass along its PRNG state to each of its
children. If the children never fork, they might disable fork-safety,
hitting this bug. (Chromium does not call this API. This is just a
hypothetical scenario.)

Fix this by reseeding whenever the fork-safety bit changes. This fix
does not strictly depend on the atomics work, but it causes us to
unconditionally sample rand_fork_unsafe_buffering_enabled(). This no
longer causes contention because it's just another atomic load.

This only affects systems without MADV_WIPEONFORK and without fast
RDRAND. If RDRAND is fast, we're always fork-safe and MADV_WIPEONFORK
allows us to efficiently detect forks.

Cq-Include-Trybots: luci.boringssl.try:linux_clang_rel_tsan
Change-Id: I6d0c471c62c951254faf85420a7dc3f4a9d65ee0
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/59850
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

Diffstat (limited to 'src/crypto/fipsmodule/ec')
0 files changed, 0 insertions, 0 deletions
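
The zygote scenario from the commit message, as an added C example that is not BoringSSL code and not part of this commit: two children forked from one seeded parent each set a fork-unsafe flag and draw once. Assumptions: `toy_rand`, `g_fork_unsafe`, `draw_in_child` and `siblings_collide` are hypothetical names, the xorshift generator is a toy stand-in for the real PRNG, and `getentropy()` stands in for the entropy source.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy state (hypothetical, not BoringSSL's): a xorshift word plus the value
 * the fork-unsafe flag had when the state was last seeded. */
static struct { uint64_t s; int seeded, flag_at_seed; } g_rng;
static int g_fork_unsafe; /* stand-in for the flag the API sets */

/* fix = 0 models the bug, fix = 1 the reseed-on-flag-change fix. */
static uint64_t toy_rand(int fix) {
  if (!g_rng.seeded || (fix && g_rng.flag_at_seed != g_fork_unsafe)) {
    if (getentropy(&g_rng.s, sizeof g_rng.s) != 0) _exit(2);
    g_rng.s |= 1; /* xorshift state must be non-zero */
    g_rng.seeded = 1; g_rng.flag_at_seed = g_fork_unsafe;
  }
  g_rng.s ^= g_rng.s << 13; g_rng.s ^= g_rng.s >> 7; g_rng.s ^= g_rng.s << 17;
  return g_rng.s;
}
/* Fork a child that sets the flag and draws once; returns 0 on success. */
static int draw_in_child(int fix, uint64_t *out) {
  int fds[2];
  if (pipe(fds) != 0) return -1;
  pid_t pid = fork();
  if (pid == 0) {
    g_fork_unsafe = 1; /* this child will never fork again */
    uint64_t v = toy_rand(fix);
    _exit(write(fds[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
  }
  close(fds[1]);
  ssize_t n = pid < 0 ? -1 : read(fds[0], out, sizeof *out);
  close(fds[0]);
  if (pid > 0) waitpid(pid, NULL, 0);
  return n == (ssize_t)sizeof *out ? 0 : -1;
}

/* Zygote scenario: 1 if two sibling children emit the same value, 0 if not. */
int siblings_collide(int fix) {
  uint64_t a, b;
  g_rng.seeded = 0; g_fork_unsafe = 0;
  toy_rand(fix); /* zygote seeds while still fork-safe */
  if (draw_in_child(fix, &a) != 0 || draw_in_child(fix, &b) != 0) return -1;
  return a == b;
}

int main(void) {
  int bug = siblings_collide(0), fixed = siblings_collide(1);
  return printf("bug: %d, fixed: %d\n", bug, fixed) < 0;
}
```

With `fix = 0` both siblings continue from the cloned state and emit the same value; with `fix = 1` the flag change forces each child to reseed before its first output.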