From be8fdbe623d31504fd280dca002c3702ba2a36da Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 16 Mar 2011 21:46:13 +0100 Subject: Corrected nettle's RNG behavior on fork and added a test case. --- lib/nettle/rnd.c | 11 ++++-- tests/Makefile.am | 2 +- tests/rng-fork.c | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 109 insertions(+), 4 deletions(-) create mode 100644 tests/rng-fork.c diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c index 9ccb398fe3..8af0adde57 100644 --- a/lib/nettle/rnd.c +++ b/lib/nettle/rnd.c @@ -250,7 +250,6 @@ do_device_source_urandom (int init) if ((device_fd > 0) && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL))) { - /* More than a minute since we last read the device */ uint8_t buf[DEVICE_READ_SIZE_MAX]; uint32_t done; @@ -348,7 +347,7 @@ static int do_device_source (int init) { static pid_t pid; /* detect fork() */ - int ret; + int ret, reseed = 0; static int (*do_source) (int init) = NULL; /* using static var here is ok since we are * always called with mutexes down @@ -380,9 +379,15 @@ do_device_source (int init) { /* fork() detected */ device_last_read = 0; pid = getpid(); + reseed = 1; } - return do_source (init); + ret = do_source (init); + + if (reseed) + yarrow256_slow_reseed (&yctx); + + return ret; } } diff --git a/tests/Makefile.am b/tests/Makefile.am index b8adcfd94e..cd6e4d1698 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -60,7 +60,7 @@ ctests = simple gc set_pkcs12_cred certder certuniqueid mpi \ crq_key_id x509sign-verify cve-2009-1415 cve-2009-1416 \ crq_apis init_roundtrip pkcs12_s2k_pem dn2 mini-eagain \ nul-in-x509-names x509_altname pkcs12_encode mini-x509 \ - mini-x509-rehandshake #gendh + mini-x509-rehandshake rng-fork #gendh if ENABLE_OPENSSL ctests += openssl diff --git a/tests/rng-fork.c b/tests/rng-fork.c new file mode 100644 index 0000000000..1e4b5e531d --- /dev/null +++ b/tests/rng-fork.c 
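Review bot: In the fork-detected branch of do_device_source, `pid = getpid ();` is committed before `do_source (init)` has run, and `yarrow256_slow_reseed (&yctx)` is then called whatever `ret` turns out to be. If the device read fails in the child, the forced reseed presumably has only pool contents inherited from the parent to mix in, and because the pid is already updated no later call retries it, so the child's generator state may remain derivable from the parent's. I would gate the reseed with `if (reseed && ret >= 0)` and move `pid = getpid ();` into that branch, so that a failed read leaves the fork flagged for the next call. Whether a non-negative return always means fresh bytes were mixed in cannot be confirmed from here, since the `device_fd > 0` test in do_device_source_urandom can skip the read entirely, and the middle of do_device_source lies outside these hunks.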
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS. If not, see .
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#include
+#include
+#include
+#include
+
+#include "utils.h"
+#include
+#include
+#include "../lib/random.h"
+
+static void dump(const char* name, unsigned char* buf, int buf_size)
+{
+int i;
+ printf("%s: ", name);
+ for(i=0;i