drbg: add fork id to additional data on UNIX systems
Provides a little extra fork-safety on UNIX systems, adding to the fact that all DRBGs reseed automatically when the fork_id changes. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9802)
This commit is contained in:
Dr. Matthias St. Pierre
Matt Caswell
parent
1b0fe00e27
commit
5520695c73
1 changed files with 3 additions and 0 deletions
|
|
@ -711,15 +711,18 @@ int rand_pool_add_nonce_data(RAND_POOL *pool)
|
|||
int rand_pool_add_additional_data(RAND_POOL *pool)
|
||||
{
|
||||
struct {
|
||||
int fork_id;
|
||||
CRYPTO_THREAD_ID tid;
|
||||
uint64_t time;
|
||||
} data = { 0 };
|
||||
|
||||
/*
|
||||
* Add some noise from the thread id and a high resolution timer.
|
||||
* The fork_id adds some extra fork-safety.
|
||||
* The thread id adds a little randomness if the drbg is accessed
|
||||
* concurrently (which is the case for the <master> drbg).
|
||||
*/
|
||||
data.fork_id = openssl_get_fork_id();
|
||||
data.tid = CRYPTO_THREAD_get_current_id();
|
||||
data.time = get_timer_bits();
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue