authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-02-26 23:41:26 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-02-27 17:00:20 +0100
commit5345fba0899b16548836eb57aecb38113db5735e (patch)
tree30245e8055f2240950a4a4a9ff3baad4ea7abc5b
parent100bc501a4e850eb9ba21bb5088b2a582e422c80 (diff)
fixed nonce generation after fork().
-rw-r--r--NEWS6
-rw-r--r--lib/nettle/rnd.c30
-rw-r--r--tests/rng-fork.c4
3 files changed, 21 insertions, 19 deletions
diff --git a/NEWS b/NEWS
index 9c695498f1..a02360656c 100644
--- a/NEWS
+++ b/NEWS
@@ -4,12 +4,12 @@ See the end for copying conditions.
* Version 3.1.9 (unreleased)
-** certtool: option --to-p12 will now ask for a password to generate
+** certtool: Option --to-p12 will now ask for a password to generate
a PKCS #12 file from an encrypted key file. Reported by Yan Fiz.
** libgnutls: Corrected issue in gnutls_pubkey_verify_data().
-** libgnutls: corrected parsing issue in XMPP within a subject
+** libgnutls: Corrected parsing issue in XMPP within a subject
alternative name. Reported by James Cloos.
** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11
@@ -18,6 +18,8 @@ modules, and not only the ones loaded via p11-kit.
** libgnutls: Added function to check whether the private key is
still available (inserted).
+** libgnutls: Try to detect fork even during nonce generation.
+
** API and ABI modifications:
gnutls_handshake_set_random: Added
gnutls_transport_set_int2: Added
diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c
index 0a5967104c..d6340ae74a 100644
--- a/lib/nettle/rnd.c
+++ b/lib/nettle/rnd.c
@@ -333,7 +333,7 @@ do_device_source_egd (int init)
static int
do_device_source (int init)
{
- int ret, reseed = 0;
+ int ret;
static int (*do_source) (int init) = NULL;
/* using static var here is ok since we are
* always called with mutexes down
@@ -362,20 +362,8 @@ do_device_source (int init)
}
else
{
-#ifdef HAVE_GETPID
- if (getpid() != pid)
- { /* fork() detected */
- memset(&device_last_read, 0, sizeof(device_last_read));
- pid = getpid();
- reseed = 1;
- }
-#endif
-
ret = do_source (init);
- if (reseed)
- yarrow256_slow_reseed (&yctx);
-
return ret;
}
}
@@ -435,16 +423,25 @@ wrap_nettle_rnd_init (void **ctx)
static int
wrap_nettle_rnd (void *_ctx, int level, void *data, size_t datasize)
{
- int ret;
+ int ret, reseed = 0;
RND_LOCK;
+#ifdef HAVE_GETPID
+ if (getpid() != pid)
+ { /* fork() detected */
+ memset(&device_last_read, 0, sizeof(device_last_read));
+ pid = getpid();
+ reseed = 1;
+ }
+#endif
+
/* update state only when having a non-nonce or if nonce
* and nsecs%4096 == 0, i.e., one out of 4096 times called .
*
* The reason we do that is to avoid any delays when generating nonces.
*/
- if (level != GNUTLS_RND_NONCE)
+ if (level != GNUTLS_RND_NONCE || reseed != 0)
{
gettime(&current_time);
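Review bot: `pid = getpid();` in the new fork-detection block records the child's pid before the pool has been reseeded, so a failure in between loses the fork event. The next hunk shows a `return ret;` error path ahead of the added `if (reseed) yarrow256_slow_reseed (&yctx);`. If that path is taken on the first call after fork(), later calls see a matching pid and, at GNUTLS_RND_NONCE level, skip the update block, while the Yarrow state presumably still matches the parent's apart from whatever the sources had already mixed in. Leave `pid` untouched in the detection block and set it only once the reseed has run, e.g. `if (reseed) { yarrow256_slow_reseed (&yctx); pid = getpid (); }` under the same `#ifdef HAVE_GETPID`. The comment above the condition should also mention the forced update after a fork; wrap_nettle_rnd's body continues outside this hunk.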
@@ -463,6 +460,9 @@ wrap_nettle_rnd (void *_ctx, int level, void *data, size_t datasize)
gnutls_assert ();
return ret;
}
+
+ if (reseed)
+ yarrow256_slow_reseed (&yctx);
}
yarrow256_random (&yctx, datasize, data);
diff --git a/tests/rng-fork.c b/tests/rng-fork.c
index a977e1de56..8de886136d 100644
--- a/tests/rng-fork.c
+++ b/tests/rng-fork.c
@@ -64,7 +64,7 @@ doit (void)
if (fp == NULL)
fail("cannot open file");
- gnutls_rnd (GNUTLS_RND_RANDOM, buf1, sizeof (buf1));
+ gnutls_rnd (GNUTLS_RND_NONCE, buf1, sizeof (buf1));
if (debug) dump("buf1", buf1, sizeof(buf1));
fwrite(buf1, 1, sizeof(buf1), fp);
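Review bot: Switching both `gnutls_rnd` calls (here and in the parent branch in the next hunk) from GNUTLS_RND_RANDOM to GNUTLS_RND_NONCE means the test no longer exercises the RANDOM level after fork(), which the relocated detection in wrap_nettle_rnd also serves. A regression on that level would go unnoticed; running the parent/child comparison once per level would keep both covered. At minimum add a comment such as `/* NONCE is the level that skipped fork detection before this fix */` so the level is not changed back by accident. doit's body starts and ends outside these hunks.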
@@ -73,7 +73,7 @@ doit (void)
else
{
/* daddy */
- gnutls_rnd (GNUTLS_RND_RANDOM, buf2, sizeof (buf2));
+ gnutls_rnd (GNUTLS_RND_NONCE, buf2, sizeof (buf2));
if (debug) dump("buf2", buf2, sizeof(buf2));
waitpid(pid, NULL, 0);