~mdw / catacomb / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 429bb00) | patch
rand/: Secure `rand' generator against fork problems.
authorMark Wooding <mdw@distorted.org.uk>
Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)
committerMark Wooding <mdw@distorted.org.uk>
Sat, 4 Jun 2016 12:52:58 +0000 (13:52 +0100)
commit53073dfb7fc2dd06c572e303fcae164cabdd4ba2
treeb16fcffb7d69f7a64d0962719da8299a4405f83dtree | snapshot (tar.gz zip)
parent429bb008068e94288da5328132b35bcfa20771eecommit | diff
rand/: Secure `rand' generator against fork problems.

This is fiddlier than it really ought to be.

  * Make the `i' and `irot' members be `unsigned short' to make space
    for a new member.  These members have well-constrained ranges, so
    this is safe.

  * Insert a new `gen' member to keep track of the pool's `generation
    number'.  Arrange that the global generator's generation number is
    initially zero.

  * Invent a new system-specific function `rand_generation' which
    returns a nonzero `generation number', which changes across forks
    and such things.

  * Have the output functions `rand_get' and `rand_getgood' check the
    generation number and force a `rand_gate' if it changes.

  * Arrange for `rand_gate' and `rand_stretch' to feed the generation
    number into the hashing, so that generators with different
    generations behave computationally independently.
rand/Makefile.am diff | blob | blame | history
rand/rand.c diff | blob | blame | history
rand/rand.h diff | blob | blame | history
rand/randgen.c [new file with mode: 0644] blob
Catacomb cryptographic library