diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-02-26 23:41:26 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-02-27 17:00:20 +0100 |
| commit | 5345fba0899b16548836eb57aecb38113db5735e (patch) | |
| tree | 30245e8055f2240950a4a4a9ff3baad4ea7abc5b /lib | |
| parent | 100bc501a4e850eb9ba21bb5088b2a582e422c80 (diff) | |
| download | gnutls-5345fba0899b16548836eb57aecb38113db5735e.tar.gz | |
fixed nonce generation after fork().
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/nettle/rnd.c | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c index 0a5967104c..d6340ae74a 100644 --- a/lib/nettle/rnd.c +++ b/lib/nettle/rnd.c @@ -333,7 +333,7 @@ do_device_source_egd (int init) static int do_device_source (int init) { - int ret, reseed = 0; + int ret; static int (*do_source) (int init) = NULL; /* using static var here is ok since we are * always called with mutexes down @@ -362,20 +362,8 @@ do_device_source (int init) } else { -#ifdef HAVE_GETPID - if (getpid() != pid) - { /* fork() detected */ - memset(&device_last_read, 0, sizeof(device_last_read)); - pid = getpid(); - reseed = 1; - } -#endif - ret = do_source (init); - if (reseed) - yarrow256_slow_reseed (&yctx); - return ret; } } @@ -435,16 +423,25 @@ wrap_nettle_rnd_init (void **ctx) static int wrap_nettle_rnd (void *_ctx, int level, void *data, size_t datasize) { - int ret; + int ret, reseed = 0; RND_LOCK; +#ifdef HAVE_GETPID + if (getpid() != pid) + { /* fork() detected */ + memset(&device_last_read, 0, sizeof(device_last_read)); + pid = getpid(); + reseed = 1; + } +#endif + /* update state only when having a non-nonce or if nonce * and nsecs%4096 == 0, i.e., one out of 4096 times called . * * The reason we do that is to avoid any delays when generating nonces. */ - if (level != GNUTLS_RND_NONCE) + if (level != GNUTLS_RND_NONCE || reseed != 0) { gettime(¤t_time); @@ -463,6 +460,9 @@ wrap_nettle_rnd (void *_ctx, int level, void *data, size_t datasize) gnutls_assert (); return ret; } + + if (reseed) + yarrow256_slow_reseed (&yctx); } yarrow256_random (&yctx, datasize, data); |