92f888e836
Fork-unsafe buffering was a mode that could be enabled by applications that were sure that they didn't need to worry about state duplication. It saved reads to urandom. Since everything is now going through the CTR-DRBG, we can get the same effect by simply not reading additional data from urandom in this case. This change drops the buffering from urandom.c and, instead, implements fork-unsafe buffering as a mode that skips reading additional data from urandom, which only happened when RDRAND wasn't available anyway. Since we expect the power-on self-tests to call into the PRNG, this change also makes the flag capable of changing at any point by using a mutex rather than a once. This is split into a separate file so that it doesn't have to go into the FIPS module—since it uses r/w data that would be a pain. Change-Id: I5fd0ead0422e770e35758f080bb1cffa70d0c8da Reviewed-on: https://boringssl-review.googlesource.com/14924 Reviewed-by: Adam Langley <agl@google.com>
45 lines
1.5 KiB
C
45 lines
1.5 KiB
C
/* Copyright (c) 2017, Google Inc.
|
|
*
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
* copyright notice and this permission notice appear in all copies.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
|
|
#include <openssl/rand.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include "internal.h"
|
|
|
|
|
|
/* g_buffering_enabled is true if fork-unsafe buffering has been enabled. */
|
|
static int g_buffering_enabled = 0;
|
|
|
|
/* g_lock protects |g_buffering_enabled|. */
|
|
static struct CRYPTO_STATIC_MUTEX g_lock = CRYPTO_STATIC_MUTEX_INIT;
|
|
|
|
void RAND_enable_fork_unsafe_buffering(int fd) {
|
|
/* We no longer support setting the file-descriptor with this function. */
|
|
if (fd != -1) {
|
|
abort();
|
|
}
|
|
|
|
CRYPTO_STATIC_MUTEX_lock_write(&g_lock);
|
|
g_buffering_enabled = 1;
|
|
CRYPTO_STATIC_MUTEX_unlock_write(&g_lock);
|
|
}
|
|
|
|
int rand_fork_unsafe_buffering_enabled(void) {
|
|
CRYPTO_STATIC_MUTEX_lock_read(&g_lock);
|
|
const int ret = g_buffering_enabled;
|
|
CRYPTO_STATIC_MUTEX_unlock_read(&g_lock);
|
|
return ret;
|
|
}
|