Move fork detection support out of bcm
This moves fork detection itself back into libcrypto.
BCM itself retains only the API to access the generation number
to know if stiring in more entropy is needed because a fork
happened.
Bug: 723
Change-Id: I9b38440e7243119de97f9c4653f0e91d71107501
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/68967
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/build.json b/build.json
index 6f6271a..c1dc1ae 100644
--- a/build.json
+++ b/build.json
@@ -78,7 +78,6 @@
"crypto/fipsmodule/modes/ofb.c",
"crypto/fipsmodule/modes/polyval.c",
"crypto/fipsmodule/rand/ctrdrbg.c",
- "crypto/fipsmodule/rand/fork_detect.c",
"crypto/fipsmodule/rand/rand.c",
"crypto/fipsmodule/rsa/blinding.c",
"crypto/fipsmodule/rsa/padding.c",
@@ -291,6 +290,7 @@
"crypto/poly1305/poly1305_vec.c",
"crypto/pool/pool.c",
"crypto/rand_extra/deterministic.c",
+ "crypto/rand_extra/fork_detect.c",
"crypto/rand_extra/forkunsafe.c",
"crypto/rand_extra/getentropy.c",
"crypto/rand_extra/ios.c",
@@ -512,7 +512,6 @@
"crypto/fipsmodule/ecdsa/internal.h",
"crypto/fipsmodule/md5/internal.h",
"crypto/fipsmodule/modes/internal.h",
- "crypto/fipsmodule/rand/fork_detect.h",
"crypto/fipsmodule/rand/internal.h",
"crypto/fipsmodule/rsa/internal.h",
"crypto/fipsmodule/service_indicator/internal.h",
@@ -831,7 +830,6 @@
"crypto/fipsmodule/md5/md5_test.cc",
"crypto/fipsmodule/modes/gcm_test.cc",
"crypto/fipsmodule/rand/ctrdrbg_test.cc",
- "crypto/fipsmodule/rand/fork_detect_test.cc",
"crypto/fipsmodule/service_indicator/service_indicator_test.cc",
"crypto/fipsmodule/sha/sha_test.cc",
"crypto/hmac_extra/hmac_test.cc",
@@ -850,8 +848,10 @@
"crypto/pkcs8/pkcs8_test.cc",
"crypto/poly1305/poly1305_test.cc",
"crypto/pool/pool_test.cc",
+ "crypto/rand_extra/fork_detect_test.cc",
"crypto/rand_extra/getentropy_test.cc",
"crypto/rand_extra/rand_test.cc",
+ "crypto/rand_extra/rand_test.cc",
"crypto/refcount_test.cc",
"crypto/rsa_extra/rsa_test.cc",
"crypto/self_test.cc",
diff --git a/crypto/bcm_support.h b/crypto/bcm_support.h
index a6f005b..c91bcb0 100644
--- a/crypto/bcm_support.h
+++ b/crypto/bcm_support.h
@@ -23,6 +23,24 @@
extern "C" {
#endif
+#if defined(OPENSSL_LINUX)
+// On linux we use MADVISE instead of pthread_atfork(), due
+// to concerns about clone() being used for address space
+// duplication.
+#define OPENSSL_FORK_DETECTION
+#define OPENSSL_FORK_DETECTION_MADVISE
+#elif defined(OPENSSL_MACOS) || defined(OPENSSL_IOS) || \
+ defined(OPENSSL_OPENBSD) || defined(OPENSSL_FREEBSD)
+// These platforms may detect address space duplication with pthread_atfork.
+// iOS doesn't normally allow fork in apps, but it's there.
+#define OPENSSL_FORK_DETECTION
+#define OPENSSL_FORK_DETECTION_PTHREAD_ATFORK
+#elif defined(OPENSSL_WINDOWS) || defined(OPENSSL_TRUSTY) || \
+ defined(__ZEPHYR__) || defined(CROS_EC)
+// These platforms do not fork.
+#define OPENSSL_DOES_NOT_FORK
+#endif
+
#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
#define OPENSSL_RAND_DETERMINISTIC
#elif defined(OPENSSL_TRUSTY)
@@ -66,6 +84,28 @@
// has run out of entropy.
void RAND_need_entropy(size_t bytes_needed);
+// crypto_get_fork_generation returns the fork generation number for the current
+// process, or zero if not supported on the platform. The fork generation number
+// is a non-zero, strictly-monotonic counter with the property that, if queried
+// in an address space and then again in a subsequently forked copy, the forked
+// address space will observe a greater value.
+//
+// This function may be used to clear cached values across a fork. When
+// initializing a cache, record the fork generation. Before using the cache,
+// check if the fork generation has changed. If so, drop the cache and update
+// the save fork generation. Note this logic transparently handles platforms
+// which always return zero.
+//
+// This is not reliably supported on all platforms which implement |fork|, so it
+// should only be used as a hardening measure.
+OPENSSL_EXPORT uint64_t CRYPTO_get_fork_generation(void);
+
+// CRYPTO_fork_detect_force_madv_wipeonfork_for_testing is an internal detail
+// used for testing purposes.
+OPENSSL_EXPORT void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing(
+ int on);
+
+
#if defined(__cplusplus)
} // extern C
#endif
diff --git a/crypto/crypto.c b/crypto/crypto.c
index ddf4038..155e7b4 100644
--- a/crypto/crypto.c
+++ b/crypto/crypto.c
@@ -16,7 +16,6 @@
#include <assert.h>
-#include "fipsmodule/rand/fork_detect.h"
#include "fipsmodule/rand/internal.h"
#include "bcm_support.h"
#include "internal.h"
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
index d9cc6c3..4ec382b 100644
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.c
@@ -93,7 +93,6 @@
#include "modes/ofb.c"
#include "modes/polyval.c"
#include "rand/ctrdrbg.c"
-#include "rand/fork_detect.c"
#include "rand/rand.c"
#include "rsa/blinding.c"
#include "rsa/padding.c"
diff --git a/crypto/fipsmodule/rand/fork_detect.h b/crypto/fipsmodule/rand/fork_detect.h
deleted file mode 100644
index 0fb275c..0000000
--- a/crypto/fipsmodule/rand/fork_detect.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/* Copyright (c) 2020, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#ifndef OPENSSL_HEADER_CRYPTO_FORK_DETECT_H
-#define OPENSSL_HEADER_CRYPTO_FORK_DETECT_H
-
-#include <openssl/base.h>
-
-#if defined(OPENSSL_LINUX)
-// On linux we use MADVISE instead of pthread_atfork(), due
-// to concerns about clone() being used for address space
-// duplication.
-#define OPENSSL_FORK_DETECTION
-#define OPENSSL_FORK_DETECTION_MADVISE
-#elif defined(OPENSSL_MACOS) || defined(OPENSSL_IOS) || \
- defined(OPENSSL_OPENBSD) || defined(OPENSSL_FREEBSD)
-// These platforms may detect address space duplication with pthread_atfork.
-// iOS doesn't normally allow fork in apps, but it's there.
-#define OPENSSL_FORK_DETECTION
-#define OPENSSL_FORK_DETECTION_PTHREAD_ATFORK
-#elif defined(OPENSSL_WINDOWS) || defined(OPENSSL_TRUSTY) || \
- defined(__ZEPHYR__) || defined(CROS_EC)
-// These platforms do not fork.
-#define OPENSSL_DOES_NOT_FORK
-#endif
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-
-// crypto_get_fork_generation returns the fork generation number for the current
-// process, or zero if not supported on the platform. The fork generation number
-// is a non-zero, strictly-monotonic counter with the property that, if queried
-// in an address space and then again in a subsequently forked copy, the forked
-// address space will observe a greater value.
-//
-// This function may be used to clear cached values across a fork. When
-// initializing a cache, record the fork generation. Before using the cache,
-// check if the fork generation has changed. If so, drop the cache and update
-// the save fork generation. Note this logic transparently handles platforms
-// which always return zero.
-//
-// This is not reliably supported on all platforms which implement |fork|, so it
-// should only be used as a hardening measure.
-OPENSSL_EXPORT uint64_t CRYPTO_get_fork_generation(void);
-
-// CRYPTO_fork_detect_force_madv_wipeonfork_for_testing is an internal detail
-// used for testing purposes.
-OPENSSL_EXPORT void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing(
- int on);
-
-#if defined(__cplusplus)
-} // extern C
-#endif
-
-#endif // OPENSSL_HEADER_CRYPTO_FORK_DETECT_H
diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c
index b8fbbdc..2f1d76b 100644
--- a/crypto/fipsmodule/rsa/rsa_impl.c
+++ b/crypto/fipsmodule/rsa/rsa_impl.c
@@ -65,10 +65,10 @@
#include <openssl/mem.h>
#include <openssl/thread.h>
+#include "../../bcm_support.h"
#include "../../internal.h"
#include "../bn/internal.h"
#include "../delocate.h"
-#include "../rand/fork_detect.h"
#include "../service_indicator/internal.h"
#include "internal.h"
diff --git a/crypto/fipsmodule/rand/fork_detect.c b/crypto/rand_extra/fork_detect.c
similarity index 81%
rename from crypto/fipsmodule/rand/fork_detect.c
rename to crypto/rand_extra/fork_detect.c
index a2cf3a0..99be497 100644
--- a/crypto/fipsmodule/rand/fork_detect.c
+++ b/crypto/rand_extra/fork_detect.c
@@ -16,8 +16,7 @@
#define _GNU_SOURCE // needed for madvise() and MAP_ANONYMOUS on Linux.
#endif
-#include <openssl/base.h>
-#include "fork_detect.h"
+#include "../bcm_support.h"
#if defined(OPENSSL_FORK_DETECTION_MADVISE)
#include <unistd.h>
@@ -35,19 +34,18 @@
#include <pthread.h>
#endif // OPENSSL_FORK_DETECTION_MADVISE
-#include "../delocate.h"
-#include "../../internal.h"
+#include "../internal.h"
#if defined(OPENSSL_FORK_DETECTION_MADVISE)
-DEFINE_BSS_GET(int, g_force_madv_wipeonfork);
-DEFINE_BSS_GET(int, g_force_madv_wipeonfork_enabled);
-DEFINE_STATIC_ONCE(g_fork_detect_once);
-DEFINE_STATIC_MUTEX(g_fork_detect_lock);
-DEFINE_BSS_GET(CRYPTO_atomic_u32 *, g_fork_detect_addr);
-DEFINE_BSS_GET(uint64_t, g_fork_generation);
+static int g_force_madv_wipeonfork;
+static int g_force_madv_wipeonfork_enabled;
+static CRYPTO_once_t g_fork_detect_once = CRYPTO_ONCE_INIT;
+static CRYPTO_MUTEX g_fork_detect_lock = CRYPTO_MUTEX_INIT;
+static CRYPTO_atomic_u32 * g_fork_detect_addr;
+static uint64_t g_fork_generation;
static void init_fork_detect(void) {
- if (*g_force_madv_wipeonfork_bss_get()) {
+ if (g_force_madv_wipeonfork) {
return;
}
@@ -74,13 +72,13 @@
}
CRYPTO_atomic_store_u32(addr, 1);
- *g_fork_detect_addr_bss_get() = addr;
- *g_fork_generation_bss_get() = 1;
+ g_fork_detect_addr = addr;
+ g_fork_generation = 1;
}
uint64_t CRYPTO_get_fork_generation(void) {
- CRYPTO_once(g_fork_detect_once_bss_get(), init_fork_detect);
+ CRYPTO_once(&g_fork_detect_once, init_fork_detect);
// In a single-threaded process, there are obviously no races because there's
// only a single mutator in the address space.
@@ -93,12 +91,12 @@
// child process is single-threaded, the child may become multi-threaded
// before it observes this. Therefore, we must synchronize the logic below.
- CRYPTO_atomic_u32 *const flag_ptr = *g_fork_detect_addr_bss_get();
+ CRYPTO_atomic_u32 *const flag_ptr = g_fork_detect_addr;
if (flag_ptr == NULL) {
// Our kernel is too old to support |MADV_WIPEONFORK| or
// |g_force_madv_wipeonfork| is set.
- if (*g_force_madv_wipeonfork_bss_get() &&
- *g_force_madv_wipeonfork_enabled_bss_get()) {
+ if (g_force_madv_wipeonfork &&
+ g_force_madv_wipeonfork_enabled) {
// A constant generation number to simulate support, even if the kernel
// doesn't support it.
return 42;
@@ -114,7 +112,7 @@
// In the common case, try to observe the flag without taking a lock. This
// avoids cacheline contention in the PRNG.
- uint64_t *const generation_ptr = g_fork_generation_bss_get();
+ uint64_t *const generation_ptr = &g_fork_generation;
if (CRYPTO_atomic_load_u32(flag_ptr) != 0) {
// If we observe a non-zero flag, it is safe to read |generation_ptr|
// without a lock. The flag and generation number are fixed for this copy of
@@ -125,7 +123,7 @@
// The flag was zero. The generation number must be incremented, but other
// threads may have concurrently observed the zero, so take a lock before
// incrementing.
- CRYPTO_MUTEX *const lock = g_fork_detect_lock_bss_get();
+ CRYPTO_MUTEX *const lock = &g_fork_detect_lock;
CRYPTO_MUTEX_lock_write(lock);
uint64_t current_generation = *generation_ptr;
if (CRYPTO_atomic_load_u32(flag_ptr) == 0) {
@@ -147,35 +145,35 @@
}
void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing(int on) {
- *g_force_madv_wipeonfork_bss_get() = 1;
- *g_force_madv_wipeonfork_enabled_bss_get() = on;
+ g_force_madv_wipeonfork = 1;
+ g_force_madv_wipeonfork_enabled = on;
}
#elif defined(OPENSSL_FORK_DETECTION_PTHREAD_ATFORK)
-DEFINE_STATIC_ONCE(g_pthread_fork_detection_once);
-DEFINE_BSS_GET(uint64_t, g_atfork_fork_generation);
+static CRYPTO_once_t g_pthread_fork_detection_once = CRYPTO_ONCE_INIT;
+static uint64_t g_atfork_fork_generation;
static void we_are_forked(void) {
// Immediately after a fork, the process must be single-threaded.
- uint64_t value = *g_atfork_fork_generation_bss_get() + 1;
+ uint64_t value = g_atfork_fork_generation + 1;
if (value == 0) {
value = 1;
}
- *g_atfork_fork_generation_bss_get() = value;
+ g_atfork_fork_generation = value;
}
static void init_pthread_fork_detection(void) {
if (pthread_atfork(NULL, NULL, we_are_forked) != 0) {
abort();
}
- *g_atfork_fork_generation_bss_get() = 1;
+ g_atfork_fork_generation = 1;
}
uint64_t CRYPTO_get_fork_generation(void) {
- CRYPTO_once(g_pthread_fork_detection_once_bss_get(), init_pthread_fork_detection);
+ CRYPTO_once(&g_pthread_fork_detection_once, init_pthread_fork_detection);
- return *g_atfork_fork_generation_bss_get();
+ return g_atfork_fork_generation;
}
#elif defined(OPENSSL_DOES_NOT_FORK)
diff --git a/crypto/fipsmodule/rand/fork_detect_test.cc b/crypto/rand_extra/fork_detect_test.cc
similarity index 99%
rename from crypto/fipsmodule/rand/fork_detect_test.cc
rename to crypto/rand_extra/fork_detect_test.cc
index f9cde28..2e30456 100644
--- a/crypto/fipsmodule/rand/fork_detect_test.cc
+++ b/crypto/rand_extra/fork_detect_test.cc
@@ -14,7 +14,7 @@
#include <openssl/base.h>
-#include "fork_detect.h"
+#include "../bcm_support.h"
// TSAN cannot cope with this test and complains that "starting new threads
// after multi-threaded fork is not supported".
diff --git a/crypto/rand_extra/rand_test.cc b/crypto/rand_extra/rand_test.cc
index 1af28b0..6a8b2c7 100644
--- a/crypto/rand_extra/rand_test.cc
+++ b/crypto/rand_extra/rand_test.cc
@@ -20,7 +20,7 @@
#include <openssl/span.h>
-#include "../fipsmodule/rand/fork_detect.h"
+#include "../bcm_support.h"
#include "../fipsmodule/rand/internal.h"
#include "../test/abi_test.h"
#include "../test/test_util.h"
diff --git a/gen/sources.bzl b/gen/sources.bzl
index 1566051..dcb7776 100644
--- a/gen/sources.bzl
+++ b/gen/sources.bzl
@@ -81,7 +81,6 @@
"crypto/fipsmodule/modes/ofb.c",
"crypto/fipsmodule/modes/polyval.c",
"crypto/fipsmodule/rand/ctrdrbg.c",
- "crypto/fipsmodule/rand/fork_detect.c",
"crypto/fipsmodule/rand/rand.c",
"crypto/fipsmodule/rsa/blinding.c",
"crypto/fipsmodule/rsa/padding.c",
@@ -390,6 +389,7 @@
"crypto/poly1305/poly1305_vec.c",
"crypto/pool/pool.c",
"crypto/rand_extra/deterministic.c",
+ "crypto/rand_extra/fork_detect.c",
"crypto/rand_extra/forkunsafe.c",
"crypto/rand_extra/getentropy.c",
"crypto/rand_extra/ios.c",
@@ -615,7 +615,6 @@
"crypto/fipsmodule/ecdsa/internal.h",
"crypto/fipsmodule/md5/internal.h",
"crypto/fipsmodule/modes/internal.h",
- "crypto/fipsmodule/rand/fork_detect.h",
"crypto/fipsmodule/rand/internal.h",
"crypto/fipsmodule/rsa/internal.h",
"crypto/fipsmodule/service_indicator/internal.h",
@@ -725,7 +724,6 @@
"crypto/fipsmodule/md5/md5_test.cc",
"crypto/fipsmodule/modes/gcm_test.cc",
"crypto/fipsmodule/rand/ctrdrbg_test.cc",
- "crypto/fipsmodule/rand/fork_detect_test.cc",
"crypto/fipsmodule/service_indicator/service_indicator_test.cc",
"crypto/fipsmodule/sha/sha_test.cc",
"crypto/hmac_extra/hmac_test.cc",
@@ -744,8 +742,10 @@
"crypto/pkcs8/pkcs8_test.cc",
"crypto/poly1305/poly1305_test.cc",
"crypto/pool/pool_test.cc",
+ "crypto/rand_extra/fork_detect_test.cc",
"crypto/rand_extra/getentropy_test.cc",
"crypto/rand_extra/rand_test.cc",
+ "crypto/rand_extra/rand_test.cc",
"crypto/refcount_test.cc",
"crypto/rsa_extra/rsa_test.cc",
"crypto/self_test.cc",
diff --git a/gen/sources.cmake b/gen/sources.cmake
index 5956a7c..5d73071 100644
--- a/gen/sources.cmake
+++ b/gen/sources.cmake
@@ -85,7 +85,6 @@
crypto/fipsmodule/modes/ofb.c
crypto/fipsmodule/modes/polyval.c
crypto/fipsmodule/rand/ctrdrbg.c
- crypto/fipsmodule/rand/fork_detect.c
crypto/fipsmodule/rand/rand.c
crypto/fipsmodule/rsa/blinding.c
crypto/fipsmodule/rsa/padding.c
@@ -404,6 +403,7 @@
crypto/poly1305/poly1305_vec.c
crypto/pool/pool.c
crypto/rand_extra/deterministic.c
+ crypto/rand_extra/fork_detect.c
crypto/rand_extra/forkunsafe.c
crypto/rand_extra/getentropy.c
crypto/rand_extra/ios.c
@@ -633,7 +633,6 @@
crypto/fipsmodule/ecdsa/internal.h
crypto/fipsmodule/md5/internal.h
crypto/fipsmodule/modes/internal.h
- crypto/fipsmodule/rand/fork_detect.h
crypto/fipsmodule/rand/internal.h
crypto/fipsmodule/rsa/internal.h
crypto/fipsmodule/service_indicator/internal.h
@@ -749,7 +748,6 @@
crypto/fipsmodule/md5/md5_test.cc
crypto/fipsmodule/modes/gcm_test.cc
crypto/fipsmodule/rand/ctrdrbg_test.cc
- crypto/fipsmodule/rand/fork_detect_test.cc
crypto/fipsmodule/service_indicator/service_indicator_test.cc
crypto/fipsmodule/sha/sha_test.cc
crypto/hmac_extra/hmac_test.cc
@@ -768,8 +766,10 @@
crypto/pkcs8/pkcs8_test.cc
crypto/poly1305/poly1305_test.cc
crypto/pool/pool_test.cc
+ crypto/rand_extra/fork_detect_test.cc
crypto/rand_extra/getentropy_test.cc
crypto/rand_extra/rand_test.cc
+ crypto/rand_extra/rand_test.cc
crypto/refcount_test.cc
crypto/rsa_extra/rsa_test.cc
crypto/self_test.cc
diff --git a/gen/sources.gni b/gen/sources.gni
index 55574c3..19601f8 100644
--- a/gen/sources.gni
+++ b/gen/sources.gni
@@ -81,7 +81,6 @@
"crypto/fipsmodule/modes/ofb.c",
"crypto/fipsmodule/modes/polyval.c",
"crypto/fipsmodule/rand/ctrdrbg.c",
- "crypto/fipsmodule/rand/fork_detect.c",
"crypto/fipsmodule/rand/rand.c",
"crypto/fipsmodule/rsa/blinding.c",
"crypto/fipsmodule/rsa/padding.c",
@@ -390,6 +389,7 @@
"crypto/poly1305/poly1305_vec.c",
"crypto/pool/pool.c",
"crypto/rand_extra/deterministic.c",
+ "crypto/rand_extra/fork_detect.c",
"crypto/rand_extra/forkunsafe.c",
"crypto/rand_extra/getentropy.c",
"crypto/rand_extra/ios.c",
@@ -615,7 +615,6 @@
"crypto/fipsmodule/ecdsa/internal.h",
"crypto/fipsmodule/md5/internal.h",
"crypto/fipsmodule/modes/internal.h",
- "crypto/fipsmodule/rand/fork_detect.h",
"crypto/fipsmodule/rand/internal.h",
"crypto/fipsmodule/rsa/internal.h",
"crypto/fipsmodule/service_indicator/internal.h",
@@ -725,7 +724,6 @@
"crypto/fipsmodule/md5/md5_test.cc",
"crypto/fipsmodule/modes/gcm_test.cc",
"crypto/fipsmodule/rand/ctrdrbg_test.cc",
- "crypto/fipsmodule/rand/fork_detect_test.cc",
"crypto/fipsmodule/service_indicator/service_indicator_test.cc",
"crypto/fipsmodule/sha/sha_test.cc",
"crypto/hmac_extra/hmac_test.cc",
@@ -744,8 +742,10 @@
"crypto/pkcs8/pkcs8_test.cc",
"crypto/poly1305/poly1305_test.cc",
"crypto/pool/pool_test.cc",
+ "crypto/rand_extra/fork_detect_test.cc",
"crypto/rand_extra/getentropy_test.cc",
"crypto/rand_extra/rand_test.cc",
+ "crypto/rand_extra/rand_test.cc",
"crypto/refcount_test.cc",
"crypto/rsa_extra/rsa_test.cc",
"crypto/self_test.cc",
diff --git a/gen/sources.json b/gen/sources.json
index d6ef92d..1870ecc 100644
--- a/gen/sources.json
+++ b/gen/sources.json
@@ -66,7 +66,6 @@
"crypto/fipsmodule/modes/ofb.c",
"crypto/fipsmodule/modes/polyval.c",
"crypto/fipsmodule/rand/ctrdrbg.c",
- "crypto/fipsmodule/rand/fork_detect.c",
"crypto/fipsmodule/rand/rand.c",
"crypto/fipsmodule/rsa/blinding.c",
"crypto/fipsmodule/rsa/padding.c",
@@ -374,6 +373,7 @@
"crypto/poly1305/poly1305_vec.c",
"crypto/pool/pool.c",
"crypto/rand_extra/deterministic.c",
+ "crypto/rand_extra/fork_detect.c",
"crypto/rand_extra/forkunsafe.c",
"crypto/rand_extra/getentropy.c",
"crypto/rand_extra/ios.c",
@@ -597,7 +597,6 @@
"crypto/fipsmodule/ecdsa/internal.h",
"crypto/fipsmodule/md5/internal.h",
"crypto/fipsmodule/modes/internal.h",
- "crypto/fipsmodule/rand/fork_detect.h",
"crypto/fipsmodule/rand/internal.h",
"crypto/fipsmodule/rsa/internal.h",
"crypto/fipsmodule/service_indicator/internal.h",
@@ -706,7 +705,6 @@
"crypto/fipsmodule/md5/md5_test.cc",
"crypto/fipsmodule/modes/gcm_test.cc",
"crypto/fipsmodule/rand/ctrdrbg_test.cc",
- "crypto/fipsmodule/rand/fork_detect_test.cc",
"crypto/fipsmodule/service_indicator/service_indicator_test.cc",
"crypto/fipsmodule/sha/sha_test.cc",
"crypto/hmac_extra/hmac_test.cc",
@@ -725,8 +723,10 @@
"crypto/pkcs8/pkcs8_test.cc",
"crypto/poly1305/poly1305_test.cc",
"crypto/pool/pool_test.cc",
+ "crypto/rand_extra/fork_detect_test.cc",
"crypto/rand_extra/getentropy_test.cc",
"crypto/rand_extra/rand_test.cc",
+ "crypto/rand_extra/rand_test.cc",
"crypto/refcount_test.cc",
"crypto/rsa_extra/rsa_test.cc",
"crypto/self_test.cc",
