mirror of
https://github.com/openssl/openssl.git
synced 2025-01-25 03:13:59 +08:00
849529257c
When the new OpenSSL CSPRNG was introduced in version 1.1.1,
it was announced in the release notes that it would be fork-safe,
which the old CSPRNG hadn't been.
The fork-safety was implemented using a fork count, which was
incremented by a pthread_atfork handler. Initially, this handler
was enabled by default. Unfortunately, the default behaviour
had to be changed for other reasons in commit b5319bdbd0
, so
the new OpenSSL CSPRNG failed to keep its promise.
This commit restores the fork-safety using a different approach.
It replaces the fork count by a fork id, which coincides with
the process id on UNIX-like operating systems and is zero on other
operating systems. It is used to detect when an automatic reseed
after a fork is necessary.
To prevent a future regression, it also adds a test to verify that
the child reseeds after fork.
CVE-2019-1549
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9832)
221 lines
4.5 KiB
C
221 lines
4.5 KiB
C
/*
|
|
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <openssl/crypto.h>
|
|
#include "internal/cryptlib.h"
|
|
|
|
#if defined(__sun)
|
|
# include <atomic.h>
|
|
#endif
|
|
|
|
#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS)
|
|
|
|
# if defined(OPENSSL_SYS_UNIX)
|
|
# include <sys/types.h>
|
|
# include <unistd.h>
|
|
#endif
|
|
|
|
# ifdef PTHREAD_RWLOCK_INITIALIZER
|
|
# define USE_RWLOCK
|
|
# endif
|
|
|
|
CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
|
|
{
|
|
# ifdef USE_RWLOCK
|
|
CRYPTO_RWLOCK *lock;
|
|
|
|
if ((lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t))) == NULL) {
|
|
/* Don't set error, to avoid recursion blowup. */
|
|
return NULL;
|
|
}
|
|
|
|
if (pthread_rwlock_init(lock, NULL) != 0) {
|
|
OPENSSL_free(lock);
|
|
return NULL;
|
|
}
|
|
# else
|
|
pthread_mutexattr_t attr;
|
|
CRYPTO_RWLOCK *lock;
|
|
|
|
if ((lock = OPENSSL_zalloc(sizeof(pthread_mutex_t))) == NULL) {
|
|
/* Don't set error, to avoid recursion blowup. */
|
|
return NULL;
|
|
}
|
|
|
|
pthread_mutexattr_init(&attr);
|
|
pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE);
|
|
|
|
if (pthread_mutex_init(lock, &attr) != 0) {
|
|
pthread_mutexattr_destroy(&attr);
|
|
OPENSSL_free(lock);
|
|
return NULL;
|
|
}
|
|
|
|
pthread_mutexattr_destroy(&attr);
|
|
# endif
|
|
|
|
return lock;
|
|
}
|
|
|
|
int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
|
|
{
|
|
# ifdef USE_RWLOCK
|
|
if (pthread_rwlock_rdlock(lock) != 0)
|
|
return 0;
|
|
# else
|
|
if (pthread_mutex_lock(lock) != 0)
|
|
return 0;
|
|
# endif
|
|
|
|
return 1;
|
|
}
|
|
|
|
int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock)
|
|
{
|
|
# ifdef USE_RWLOCK
|
|
if (pthread_rwlock_wrlock(lock) != 0)
|
|
return 0;
|
|
# else
|
|
if (pthread_mutex_lock(lock) != 0)
|
|
return 0;
|
|
# endif
|
|
|
|
return 1;
|
|
}
|
|
|
|
int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock)
|
|
{
|
|
# ifdef USE_RWLOCK
|
|
if (pthread_rwlock_unlock(lock) != 0)
|
|
return 0;
|
|
# else
|
|
if (pthread_mutex_unlock(lock) != 0)
|
|
return 0;
|
|
# endif
|
|
|
|
return 1;
|
|
}
|
|
|
|
void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock)
|
|
{
|
|
if (lock == NULL)
|
|
return;
|
|
|
|
# ifdef USE_RWLOCK
|
|
pthread_rwlock_destroy(lock);
|
|
# else
|
|
pthread_mutex_destroy(lock);
|
|
# endif
|
|
OPENSSL_free(lock);
|
|
|
|
return;
|
|
}
|
|
|
|
int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
|
|
{
|
|
if (pthread_once(once, init) != 0)
|
|
return 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
|
|
{
|
|
if (pthread_key_create(key, cleanup) != 0)
|
|
return 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key)
|
|
{
|
|
return pthread_getspecific(*key);
|
|
}
|
|
|
|
int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
|
|
{
|
|
if (pthread_setspecific(*key, val) != 0)
|
|
return 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
|
|
{
|
|
if (pthread_key_delete(*key) != 0)
|
|
return 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void)
|
|
{
|
|
return pthread_self();
|
|
}
|
|
|
|
int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
|
|
{
|
|
return pthread_equal(a, b);
|
|
}
|
|
|
|
int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
|
|
{
|
|
# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL)
|
|
if (__atomic_is_lock_free(sizeof(*val), val)) {
|
|
*ret = __atomic_add_fetch(val, amount, __ATOMIC_ACQ_REL);
|
|
return 1;
|
|
}
|
|
# elif defined(__sun) && (defined(__SunOS_5_10) || defined(__SunOS_5_11))
|
|
/* This will work for all future Solaris versions. */
|
|
if (ret != NULL) {
|
|
*ret = atomic_add_int_nv((volatile unsigned int *)val, amount);
|
|
return 1;
|
|
}
|
|
# endif
|
|
if (!CRYPTO_THREAD_write_lock(lock))
|
|
return 0;
|
|
|
|
*val += amount;
|
|
*ret = *val;
|
|
|
|
if (!CRYPTO_THREAD_unlock(lock))
|
|
return 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
# ifndef FIPS_MODE
|
|
/* TODO(3.0): No fork protection in FIPS module yet! */
|
|
|
|
# ifdef OPENSSL_SYS_UNIX
|
|
static pthread_once_t fork_once_control = PTHREAD_ONCE_INIT;
|
|
|
|
static void fork_once_func(void)
|
|
{
|
|
pthread_atfork(OPENSSL_fork_prepare,
|
|
OPENSSL_fork_parent, OPENSSL_fork_child);
|
|
}
|
|
# endif
|
|
|
|
int openssl_init_fork_handlers(void)
|
|
{
|
|
# ifdef OPENSSL_SYS_UNIX
|
|
if (pthread_once(&fork_once_control, fork_once_func) == 0)
|
|
return 1;
|
|
# endif
|
|
return 0;
|
|
}
|
|
# endif /* FIPS_MODE */
|
|
|
|
int openssl_get_fork_id(void)
|
|
{
|
|
return getpid();
|
|
}
|
|
#endif
|