authorDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>2019-05-30 18:52:39 +0200
committerMatt Caswell <matt@openssl.org>2019-09-09 17:09:06 +0100
commit5520695c733f7e6577a8b06e5ed3e34aa48df19a (patch)
tree5a87559fa9905c727dfa0a6f43521ea1e01a909a
parent1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be (diff)
drbg: add fork id to additional data on UNIX systems
Provides a little extra fork-safety on UNIX systems, adding to the fact that all DRBGs reseed automatically when the fork_id changes. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9802)
-rw-r--r--crypto/rand/rand_unix.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 1f608c9565..0cfa4e0625 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -711,15 +711,18 @@ int rand_pool_add_nonce_data(RAND_POOL *pool)
int rand_pool_add_additional_data(RAND_POOL *pool)
{
struct {
+ int fork_id;
CRYPTO_THREAD_ID tid;
uint64_t time;
} data = { 0 };
/*
* Add some noise from the thread id and a high resolution timer.
+ * The fork_id adds some extra fork-safety.
* The thread id adds a little randomness if the drbg is accessed
* concurrently (which is the case for the <master> drbg).
*/
+ data.fork_id = openssl_get_fork_id();
data.tid = CRYPTO_THREAD_get_current_id();
data.time = get_timer_bits();
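Review bot: Placing the new `int fork_id` member ahead of `CRYPTO_THREAD_ID tid` probably introduces padding bytes on platforms where the thread id is 8-byte aligned, and `data = { 0 }` is only guaranteed to zero the named members, not the padding. The function body continues past the end of this hunk, so it is inferred rather than visible that the struct is handed to the pool as raw bytes of `sizeof(data)`; if so, the padding contents are unspecified. That is harmless for the DRBG's security, since this is additional input and not credited entropy, but it can trip MemorySanitizer or Valgrind and makes the input non-reproducible in tests. Adding `memset(&data, 0, sizeof(data));` before the three assignments would in practice make the whole buffer defined. The comment could also say that `fork_id` is mixed in only as defence in depth, with the automatic reseed on a `fork_id` change remaining the primary fork-safety mechanism.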