[Cryptography] Fast-key-erasure RNG and fork()ing

Florian Weimer fw at deneb.enyo.de
Wed Jun 27 14:34:41 EDT 2018

* Peter Gutmann:

> That's actually much less portable than pthread_atfork(), and also
> nowhere near as clean.  With atfork you get immediate notification
> via a signal-like mechanism that the process has forked, with
> INHERIT_ZERO you have to carefully check your pool contents from
> each bit of code that accesses it to see whether its suddenly gone
> to zero,

That's not necessary except perhaps on Solaris, where there is a
forkall system call (which I believe does not work in general anyway).

On the majority of systems, only the current thread survives in the
new process.  You cannot return from a signal handler that has called
fork.  This leaves a fairly limited range of synchronization issues to
deal with, and INHERIT_ZERO actually simplifies them a lot.
(Particularly on systems where fork handlers do not generally run on

More information about the cryptography mailing list