Drop thread-local fast_rng on fork.

author Nick Mathewson <nickm@torproject.org>

Wed, 6 Mar 2019 14:59:10 +0000 (09:59 -0500)

committer Nick Mathewson <nickm@torproject.org>

Thu, 4 Apr 2019 16:56:52 +0000 (12:56 -0400)
author Nick Mathewson <nickm@torproject.org>
Wed, 6 Mar 2019 14:59:10 +0000 (09:59 -0500)
committer Nick Mathewson <nickm@torproject.org>
Thu, 4 Apr 2019 16:56:52 +0000 (12:56 -0400)
diff --git a/src/lib/crypt_ops/crypto_init.c b/src/lib/crypt_ops/crypto_init.c

index cf491f32d1355f01d8794799e485c66ae3b06b0d..5c2780b2ca981652e714bdc2e4a5610ef31eab9e 100644 (file)
--- a/src/lib/crypt_ops/crypto_init.c
+++ b/src/lib/crypt_ops/crypto_init.c
@@ -152,6 +152,12 @@ crypto_prefork(void)
  #ifdef ENABLE_NSS
    crypto_nss_prefork();
  #endif
+  /* It is not safe to share a fast_rng object across a fork boundary unless
+   * we actually have zero-on-fork support in map_anon.c.  If we have
+   * drop-on-fork support, we will crash; if we have neither, we will yield
+   * a copy of the parent process's rng, which is scary and insecure.
+   */
+  destroy_thread_fast_rng();
  }
  
  /** Run operations that the crypto library requires to be happy again
author	Nick Mathewson <nickm@torproject.org>
	Wed, 6 Mar 2019 14:59:10 +0000 (09:59 -0500)
committer	Nick Mathewson <nickm@torproject.org>
	Thu, 4 Apr 2019 16:56:52 +0000 (12:56 -0400)