kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
0ffc795efb
boringssl/crypto/fipsmodule/rand
History
Adam Langley 0ffc795efb Clear PRNG states in FIPS mode. 
FIPS requires that the CTR-DRBG state be zeroed on process exit, however
destructors for thread-local data aren't called when the process exits.

This change maintains a linked-list of thread-local state which is
walked on exit to zero each thread's PRNG state. Any concurrently
running threads block until the process finishes exiting.

Change-Id: Ie5dc18e1bb2941a569d8b309411cf20c9bdf52ef
Reviewed-on: https://boringssl-review.googlesource.com/16764
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-31 23:39:53 +00:00
..
asm Move much of rand/ into the FIPS module. 2017-04-21 22:03:18 +00:00
ctrdrbg_test.cc Move much of rand/ into the FIPS module. 2017-04-21 22:03:18 +00:00
ctrdrbg_vector_test.cc Move much of rand/ into the FIPS module. 2017-04-21 22:03:18 +00:00
ctrdrbg_vectors.txt Move much of rand/ into the FIPS module. 2017-04-21 22:03:18 +00:00
ctrdrbg.c Move cipher/ into crypto/fipsmodule/ 2017-05-05 22:39:40 +00:00
internal.h Move much of rand/ into the FIPS module. 2017-04-21 22:03:18 +00:00
rand.c Clear PRNG states in FIPS mode. 2017-05-31 23:39:53 +00:00
urandom.c Switch to new delocate tool. 2017-05-30 18:00:16 +00:00