crypto/fipsmodule/rand/fork_detect.h - boringssl - Git at Google

 /* Copyright (c) 2020, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

 #ifndef OPENSSL_HEADER_CRYPTO_FORK_DETECT_H
 #define OPENSSL_HEADER_CRYPTO_FORK_DETECT_H

 #include <openssl/base.h>

 #if defined(OPENSSL_LINUX)
 // On linux we use MADVISE instead of pthread_atfork(), due
 // to concerns about clone() being used for address space
 // duplication.
 #define OPENSSL_FORK_DETECTION
 #define OPENSSL_FORK_DETECTION_MADVISE
 #elif defined(OPENSSL_MACOS) || defined(OPENSSL_IOS) || \
     defined(OPENSSL_OPENBSD) || defined(OPENSSL_FREEBSD)
 // These platforms may detect address space duplication with pthread_atfork.
 // iOS doesn't normally allow fork in apps, but it's there.
 #define OPENSSL_FORK_DETECTION
 #define OPENSSL_FORK_DETECTION_PTHREAD_ATFORK
 #elif defined(OPENSSL_WINDOWS) || defined(OPENSSL_TRUSTY) || \
     defined(__ZEPHYR__) || defined(CROS_EC)
 // These platforms do not fork.
 #define OPENSSL_DOES_NOT_FORK
 #endif

 #if defined(__cplusplus)
 extern "C" {
 #endif


 // crypto_get_fork_generation returns the fork generation number for the current
 // process, or zero if not supported on the platform. The fork generation number
 // is a non-zero, strictly-monotonic counter with the property that, if queried
 // in an address space and then again in a subsequently forked copy, the forked
 // address space will observe a greater value.
 //
 // This function may be used to clear cached values across a fork. When
 // initializing a cache, record the fork generation. Before using the cache,
 // check if the fork generation has changed. If so, drop the cache and update
 // the save fork generation. Note this logic transparently handles platforms
 // which always return zero.
 //
 // This is not reliably supported on all platforms which implement |fork|, so it
 // should only be used as a hardening measure.
 OPENSSL_EXPORT uint64_t CRYPTO_get_fork_generation(void);

 // CRYPTO_fork_detect_force_madv_wipeonfork_for_testing is an internal detail
 // used for testing purposes.
 OPENSSL_EXPORT void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing(
     int on);

 #if defined(__cplusplus)
 }  // extern C
 #endif

 #endif  // OPENSSL_HEADER_CRYPTO_FORK_DETECT_H
	/* Copyright (c) 2020, Google Inc.
	*
	* Permission to use, copy, modify, and/or distribute this software for any
	* purpose with or without fee is hereby granted, provided that the above
	* copyright notice and this permission notice appear in all copies.
	*
	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
	* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
	* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
	* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

	#ifndef OPENSSL_HEADER_CRYPTO_FORK_DETECT_H
	#define OPENSSL_HEADER_CRYPTO_FORK_DETECT_H

	#include <openssl/base.h>

	#if defined(OPENSSL_LINUX)
	// On linux we use MADVISE instead of pthread_atfork(), due
	// to concerns about clone() being used for address space
	// duplication.
	#define OPENSSL_FORK_DETECTION
	#define OPENSSL_FORK_DETECTION_MADVISE
	#elif defined(OPENSSL_MACOS) \|\| defined(OPENSSL_IOS) \|\| \
	defined(OPENSSL_OPENBSD) \|\| defined(OPENSSL_FREEBSD)
	// These platforms may detect address space duplication with pthread_atfork.
	// iOS doesn't normally allow fork in apps, but it's there.
	#define OPENSSL_FORK_DETECTION
	#define OPENSSL_FORK_DETECTION_PTHREAD_ATFORK
	#elif defined(OPENSSL_WINDOWS) \|\| defined(OPENSSL_TRUSTY) \|\| \
	defined(__ZEPHYR__) \|\| defined(CROS_EC)
	// These platforms do not fork.
	#define OPENSSL_DOES_NOT_FORK
	#endif

	#if defined(__cplusplus)
	extern "C" {
	#endif


	// crypto_get_fork_generation returns the fork generation number for the current
	// process, or zero if not supported on the platform. The fork generation number
	// is a non-zero, strictly-monotonic counter with the property that, if queried
	// in an address space and then again in a subsequently forked copy, the forked
	// address space will observe a greater value.
	//
	// This function may be used to clear cached values across a fork. When
	// initializing a cache, record the fork generation. Before using the cache,
	// check if the fork generation has changed. If so, drop the cache and update
	// the save fork generation. Note this logic transparently handles platforms
	// which always return zero.
	//
	// This is not reliably supported on all platforms which implement \|fork\|, so it
	// should only be used as a hardening measure.
	OPENSSL_EXPORT uint64_t CRYPTO_get_fork_generation(void);

	// CRYPTO_fork_detect_force_madv_wipeonfork_for_testing is an internal detail
	// used for testing purposes.
	OPENSSL_EXPORT void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing(
	int on);

	#if defined(__cplusplus)
	} // extern C
	#endif

	#endif // OPENSSL_HEADER_CRYPTO_FORK_DETECT_H