1 /* Copyright (c) 2020, Google Inc. 2 * 3 * Permission to use, copy, modify, and/or distribute this software for any 4 * purpose with or without fee is hereby granted, provided that the above 5 * copyright notice and this permission notice appear in all copies. 6 * 7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 15 #ifndef OPENSSL_HEADER_CRYPTO_FORK_DETECT_H 16 #define OPENSSL_HEADER_CRYPTO_FORK_DETECT_H 17 18 #include <openssl/base.h> 19 20 #if defined(OPENSSL_LINUX) 21 // On linux we use MADVISE instead of pthread_atfork(), due 22 // to concerns about clone() being used for address space 23 // duplication. 24 #define OPENSSL_FORK_DETECTION 25 #define OPENSSL_FORK_DETECTION_MADVISE 26 #elif defined(OPENSSL_MACOS) || defined(OPENSSL_IOS) || \ 27 defined(OPENSSL_OPENBSD) || defined(OPENSSL_FREEBSD) 28 // These platforms may detect address space duplication with pthread_atfork. 29 // iOS doesn't normally allow fork in apps, but it's there. 30 #define OPENSSL_FORK_DETECTION 31 #define OPENSSL_FORK_DETECTION_PTHREAD_ATFORK 32 #elif defined(OPENSSL_WINDOWS) || defined(OPENSSL_TRUSTY) || \ 33 defined(__ZEPHYR__) || defined(CROS_EC) 34 // These platforms do not fork. 35 #define OPENSSL_DOES_NOT_FORK 36 #endif 37 38 #if defined(__cplusplus) 39 extern "C" { 40 #endif 41 42 43 // crypto_get_fork_generation returns the fork generation number for the current 44 // process, or zero if not supported on the platform. The fork generation number 45 // is a non-zero, strictly-monotonic counter with the property that, if queried 46 // in an address space and then again in a subsequently forked copy, the forked 47 // address space will observe a greater value. 48 // 49 // This function may be used to clear cached values across a fork. When 50 // initializing a cache, record the fork generation. Before using the cache, 51 // check if the fork generation has changed. If so, drop the cache and update 52 // the save fork generation. Note this logic transparently handles platforms 53 // which always return zero. 54 // 55 // This is not reliably supported on all platforms which implement |fork|, so it 56 // should only be used as a hardening measure. 57 OPENSSL_EXPORT uint64_t CRYPTO_get_fork_generation(void); 58 59 // CRYPTO_fork_detect_force_madv_wipeonfork_for_testing is an internal detail 60 // used for testing purposes. 61 OPENSSL_EXPORT void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing( 62 int on); 63 64 #if defined(__cplusplus) 65 } // extern C 66 #endif 67 68 #endif // OPENSSL_HEADER_CRYPTO_FORK_DETECT_H 69