From d5f253c9684406f0ad968807b81dea284514c3f7 Mon Sep 17 00:00:00 2001 From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Tue, 4 Nov 2025 16:21:02 -0800 Subject: [PATCH 1/2] Rename fork to fork UBE --- crypto/CMakeLists.txt | 4 +- crypto/fipsmodule/rand/rand_test.cc | 8 ++-- crypto/fipsmodule/rsa/rsa_impl.c | 4 +- crypto/rand_extra/urandom_test.cc | 4 +- crypto/test/test_util.cc | 6 +-- crypto/test/test_util.h | 2 +- .../ube/{fork_detect.c => fork_ube_detect.c} | 48 +++++++++---------- .../ube/{fork_detect.h => fork_ube_detect.h} | 8 ++-- ...detect_test.cc => fork_ube_detect_test.cc} | 14 +++--- crypto/ube/internal.h | 8 ++-- crypto/ube/ube.c | 8 ++-- crypto/ube/ube_test.cc | 6 +-- util/all_tests.json | 16 +++---- 13 files changed, 68 insertions(+), 68 deletions(-) rename crypto/ube/{fork_detect.c => fork_ube_detect.c} (89%) rename crypto/ube/{fork_detect.h => fork_ube_detect.h} (91%) rename crypto/ube/{fork_detect_test.cc => fork_ube_detect_test.cc} (93%) diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index 72df55ebdce..8755ea5e98a 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -504,7 +504,7 @@ add_library( trust_token/trust_token.c trust_token/voprf.c ube/ube.c - ube/fork_detect.c + ube/fork_ube_detect.c ube/vm_ube_detect.c x509/a_digest.c x509/a_sign.c @@ -875,7 +875,7 @@ if(BUILD_TESTING) thread_test.cc trust_token/trust_token_test.cc ube/ube_test.cc - ube/fork_detect_test.cc + ube/fork_ube_detect_test.cc ube/vm_ube_detect_test.cc x509/tab_test.cc x509/x509_test.cc diff --git a/crypto/fipsmodule/rand/rand_test.cc b/crypto/fipsmodule/rand/rand_test.cc index 8739ceaeabf..4def19ca06f 100644 --- a/crypto/fipsmodule/rand/rand_test.cc +++ b/crypto/fipsmodule/rand/rand_test.cc @@ -226,7 +226,7 @@ TEST_F(randTest, UbeDetectionMocked) { MockedUbeDetection( [](uint64_t gn) { - set_fork_generation_number_FOR_TESTING(gn); + set_fork_ube_generation_number_FOR_TESTING(gn); } ); @@ -245,7 +245,7 @@ TEST_F(randTest, UbeDetectionMocked) { TEST_F(randTest, NotObviouslyBroken) { static const uint8_t kZeros[256] = {0}; - maybeDisableSomeForkDetectMechanisms(); + maybeDisableSomeForkUbeDetectMechanisms(); uint8_t buf1[256], buf2[256]; RAND_bytes(buf1, sizeof(buf1)); @@ -330,7 +330,7 @@ static bool ForkAndRand(bssl::Span out) { TEST_F(randTest, Fork) { static const uint8_t kZeros[16] = {0}; - maybeDisableSomeForkDetectMechanisms(); + maybeDisableSomeForkUbeDetectMechanisms(); // Draw a little entropy to initialize any internal PRNG buffering. uint8_t byte; @@ -393,7 +393,7 @@ TEST_F(randTest, Threads) { constexpr size_t kFewerThreads = 10; constexpr size_t kMoreThreads = 20; - maybeDisableSomeForkDetectMechanisms(); + maybeDisableSomeForkUbeDetectMechanisms(); // Draw entropy in parallel. RunConcurrentRands(kFewerThreads); diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c index c9bd06d9f69..df042613029 100644 --- a/crypto/fipsmodule/rsa/rsa_impl.c +++ b/crypto/fipsmodule/rsa/rsa_impl.c @@ -70,7 +70,7 @@ #include "../bn/internal.h" #include "../../internal.h" #include "../delocate.h" -#include "../../ube/fork_detect.h" +#include "../../ube/fork_ube_detect.h" static int ensure_fixed_copy(BIGNUM **out, const BIGNUM *in, int width) { if (*out != NULL) { @@ -252,7 +252,7 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, size_t *index_used, assert(rsa->mont_n != NULL); BN_BLINDING *ret = NULL; - const uint64_t fork_generation = CRYPTO_get_fork_generation(); + const uint64_t fork_generation = CRYPTO_get_fork_ube_generation(); CRYPTO_MUTEX_lock_write(&rsa->lock); // Wipe the blinding cache on |fork|. diff --git a/crypto/rand_extra/urandom_test.cc b/crypto/rand_extra/urandom_test.cc index 98eafc6c441..67750dc826f 100644 --- a/crypto/rand_extra/urandom_test.cc +++ b/crypto/rand_extra/urandom_test.cc @@ -37,7 +37,7 @@ #include #include -#include "../ube/fork_detect.h" +#include "../ube/fork_ube_detect.h" #include "getrandom_fillin.h" #include "../test/test_util.h" @@ -631,7 +631,7 @@ TEST(URandomTest, Test) { int main(int argc, char **argv) { ::testing::InitGoogleTest(&argc, argv); - maybeDisableSomeForkDetectMechanisms(); + maybeDisableSomeForkUbeDetectMechanisms(); return RUN_ALL_TESTS(); } diff --git a/crypto/test/test_util.cc b/crypto/test/test_util.cc index 363b147ff3a..ef34b6a5d0f 100644 --- a/crypto/test/test_util.cc +++ b/crypto/test/test_util.cc @@ -30,7 +30,7 @@ #include #include "../internal.h" -#include "../ube/fork_detect.h" +#include "../ube/fork_ube_detect.h" #include "openssl/pem.h" #include "openssl/rand.h" @@ -370,8 +370,8 @@ bool forkAndRunTest(std::function child_func, #endif } -void maybeDisableSomeForkDetectMechanisms(void) { - if (getenv("BORINGSSL_IGNORE_FORK_DETECTION")) { +void maybeDisableSomeForkUbeDetectMechanisms(void) { + if (getenv("AWSLC_IGNORE_FORK_UBE_DETECTION")) { CRYPTO_fork_detect_ignore_wipeonfork_FOR_TESTING(); CRYPTO_fork_detect_ignore_inheritzero_FOR_TESTING(); } diff --git a/crypto/test/test_util.h b/crypto/test/test_util.h index 4f13fedc3e7..b4fe351eefe 100644 --- a/crypto/test/test_util.h +++ b/crypto/test/test_util.h @@ -137,7 +137,7 @@ bool threadTest(const size_t numberOfThreads, bool forkAndRunTest(std::function child_func, std::function parent_func); -void maybeDisableSomeForkDetectMechanisms(void); +void maybeDisableSomeForkUbeDetectMechanisms(void); bool runtimeEmulationIsIntelSde(void); bool addressSanitizerIsEnabled(void); diff --git a/crypto/ube/fork_detect.c b/crypto/ube/fork_ube_detect.c similarity index 89% rename from crypto/ube/fork_detect.c rename to crypto/ube/fork_ube_detect.c index 91116fe2fcc..49697dc18a2 100644 --- a/crypto/ube/fork_detect.c +++ b/crypto/ube/fork_ube_detect.c @@ -26,12 +26,12 @@ // can't do anything. In this case randomness generation falls back to // randomizing the state per-request. #if defined(OPENSSL_LINUX) - #define AWSLC_FORK_DETECTION_SUPPORTED + #define AWSLC_FORK_UBE_DETECTION_SUPPORTED #if !defined(_GNU_SOURCE) #define _GNU_SOURCE // Needed for madvise() and MAP_ANONYMOUS. #endif #elif defined(OPENSSL_FREEBSD) || defined(OPENSSL_OPENBSD) || defined(OPENSSL_NETBSD) - #define AWSLC_FORK_DETECTION_SUPPORTED + #define AWSLC_FORK_UBE_DETECTION_SUPPORTED // FreeBSD requires POSIX compatibility off for its syscalls // (enables __BSD_VISIBLE). Without the below line, cannot be // imported (it requires __BSD_VISIBLE). @@ -40,14 +40,14 @@ #define AWSLC_PLATFORM_DOES_NOT_FORK #endif -#include "fork_detect.h" +#include "fork_ube_detect.h" #include "../internal.h" static struct CRYPTO_STATIC_MUTEX ignore_testing_lock = CRYPTO_STATIC_MUTEX_INIT; static int ignore_wipeonfork = 0; static int ignore_inheritzero = 0; -#if defined(AWSLC_FORK_DETECTION_SUPPORTED) +#if defined(AWSLC_FORK_UBE_DETECTION_SUPPORTED) #include #include @@ -56,16 +56,16 @@ static int ignore_inheritzero = 0; #include -static CRYPTO_once_t fork_detect_once = CRYPTO_ONCE_INIT; -static struct CRYPTO_STATIC_MUTEX fork_detect_lock = CRYPTO_STATIC_MUTEX_INIT; +static CRYPTO_once_t fork_detect_ube_once = CRYPTO_ONCE_INIT; +static struct CRYPTO_STATIC_MUTEX fork_detect_ube_lock = CRYPTO_STATIC_MUTEX_INIT; // This value (pointed to) is |volatile| because the value pointed to may be // changed by external forces (i.e. the kernel wiping the page) thus the // compiler must not assume that it has exclusive access to it. static volatile char *fork_detect_addr = NULL; -static uint64_t fork_generation = 0; +static uint64_t fgn = 0; -static int ignore_all_fork_detection(void) { +static int ignore_all_fork_ube_detection(void) { CRYPTO_STATIC_MUTEX_lock_read(&ignore_testing_lock); if (ignore_wipeonfork == 1 && @@ -184,7 +184,7 @@ static void init_fork_detect(void) { void *addr = MAP_FAILED; long page_size = 0; - if (ignore_all_fork_detection() == 1) { + if (ignore_all_fork_ube_detection() == 1) { return; } @@ -216,10 +216,10 @@ static void init_fork_detect(void) { *((volatile char *) addr) = 1; fork_detect_addr = addr; - fork_generation = 1; + fgn = 1; } -uint64_t CRYPTO_get_fork_generation(void) { +uint64_t CRYPTO_get_fork_ube_generation(void) { // In a single-threaded process, there are obviously no races because there's // only a single mutator in the address space. // @@ -234,7 +234,7 @@ uint64_t CRYPTO_get_fork_generation(void) { // // One cannot convert this to thread-local values to avoid locking. See e.g. // https://github.com/aws/s2n-tls/issues/3107. - CRYPTO_once(&fork_detect_once, init_fork_detect); + CRYPTO_once(&fork_detect_ube_once, init_fork_detect); volatile char *const flag_ptr = fork_detect_addr; if (flag_ptr == NULL) { @@ -242,31 +242,31 @@ uint64_t CRYPTO_get_fork_generation(void) { return 0; } - struct CRYPTO_STATIC_MUTEX *const lock = &fork_detect_lock; + struct CRYPTO_STATIC_MUTEX *const lock = &fork_detect_ube_lock; CRYPTO_STATIC_MUTEX_lock_read(lock); - uint64_t current_generation = fork_generation; + uint64_t current_fgn = fgn; if (*flag_ptr) { CRYPTO_STATIC_MUTEX_unlock_read(lock); - return current_generation; + return current_fgn; } CRYPTO_STATIC_MUTEX_unlock_read(lock); CRYPTO_STATIC_MUTEX_lock_write(lock); - current_generation = fork_generation; + current_fgn = fgn; if (*flag_ptr == 0) { // A fork has occurred. *flag_ptr = 1; - current_generation++; - if (current_generation == 0) { - current_generation = 1; + current_fgn++; + if (current_fgn == 0) { + current_fgn = 1; } - fork_generation = current_generation; + fgn = current_fgn; } CRYPTO_STATIC_MUTEX_unlock_write(lock); - return current_generation; + return current_fgn; } #elif defined(AWSLC_PLATFORM_DOES_NOT_FORK) @@ -275,7 +275,7 @@ uint64_t CRYPTO_get_fork_generation(void) { // fork detection support. Returning a constant non zero value makes BoringSSL // assume address space duplication is not a concern and adding entropy to // every RAND_bytes call is not needed. -uint64_t CRYPTO_get_fork_generation(void) { return 0xc0ffee; } +uint64_t CRYPTO_get_fgn(void) { return 0xc0ffee; } #else @@ -283,9 +283,9 @@ uint64_t CRYPTO_get_fork_generation(void) { return 0xc0ffee; } // place. Returning a constant zero value makes BoringSSL assume that address // space duplication could have occured on any call entropy must be added to // every RAND_bytes call. -uint64_t CRYPTO_get_fork_generation(void) { return 0; } +uint64_t CRYPTO_get_fgn(void) { return 0; } -#endif // defined(AWSLC_FORK_DETECTION_SUPPORTED) +#endif // defined(AWSLC_FORK_UBE_DETECTION_SUPPORTED) void CRYPTO_fork_detect_ignore_wipeonfork_FOR_TESTING(void) { CRYPTO_STATIC_MUTEX_lock_write(&ignore_testing_lock); diff --git a/crypto/ube/fork_detect.h b/crypto/ube/fork_ube_detect.h similarity index 91% rename from crypto/ube/fork_detect.h rename to crypto/ube/fork_ube_detect.h index 71f4b355ce7..f91299d1056 100644 --- a/crypto/ube/fork_detect.h +++ b/crypto/ube/fork_ube_detect.h @@ -12,8 +12,8 @@ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef OPENSSL_HEADER_CRYPTO_FORK_DETECT_H -#define OPENSSL_HEADER_CRYPTO_FORK_DETECT_H +#ifndef OPENSSL_HEADER_CRYPTO_FORK_UBE_DETECT_H +#define OPENSSL_HEADER_CRYPTO_FORK_UBE_DETECT_H #include @@ -38,7 +38,7 @@ extern "C" { // // This is not reliably supported on all platforms which implement |fork|, so it // should only be used as a hardening measure. -OPENSSL_EXPORT uint64_t CRYPTO_get_fork_generation(void); +OPENSSL_EXPORT uint64_t CRYPTO_get_fork_ube_generation(void); // CRYPTO_fork_detect_ignore_wipeonfork_FOR_TESTING is an internal detail // used for testing purposes. @@ -53,4 +53,4 @@ OPENSSL_EXPORT void CRYPTO_fork_detect_ignore_inheritzero_FOR_TESTING(void); } // extern C #endif -#endif // OPENSSL_HEADER_CRYPTO_FORK_DETECT_H +#endif // OPENSSL_HEADER_CRYPTO_FORK_UBE_DETECT_H diff --git a/crypto/ube/fork_detect_test.cc b/crypto/ube/fork_ube_detect_test.cc similarity index 93% rename from crypto/ube/fork_detect_test.cc rename to crypto/ube/fork_ube_detect_test.cc index 9c9fd69d90e..a52afbbb206 100644 --- a/crypto/ube/fork_detect_test.cc +++ b/crypto/ube/fork_ube_detect_test.cc @@ -38,7 +38,7 @@ #include -#include "fork_detect.h" +#include "fork_ube_detect.h" #include "../test/test_util.h" @@ -56,7 +56,7 @@ static pid_t WaitpidEINTR(pid_t pid, int *out_status, int options) { // |stderr| and |_exit| rather than GTest. static void CheckGenerationInChild(const char *name, uint64_t expected) { - uint64_t generation = CRYPTO_get_fork_generation(); + uint64_t generation = CRYPTO_get_fork_ube_generation(); if (generation != expected) { fprintf(stderr, "%s generation (#1) was %" PRIu64 ", wanted %" PRIu64 ".\n", name, generation, expected); @@ -64,7 +64,7 @@ static void CheckGenerationInChild(const char *name, uint64_t expected) { } // The generation should be stable. - generation = CRYPTO_get_fork_generation(); + generation = CRYPTO_get_fork_ube_generation(); if (generation != expected) { fprintf(stderr, "%s generation (#2) was %" PRIu64 ", wanted %" PRIu64 ".\n", name, generation, expected); @@ -104,16 +104,16 @@ static void ForkInChild(std::function f) { TEST(ForkDetect, Test) { - maybeDisableSomeForkDetectMechanisms(); + maybeDisableSomeForkUbeDetectMechanisms(); - const uint64_t start = CRYPTO_get_fork_generation(); + const uint64_t start = CRYPTO_get_fork_ube_generation(); if (start == 0) { fprintf(stderr, "Fork detection not supported. Skipping test.\n"); return; } // The fork generation should be stable. - EXPECT_EQ(start, CRYPTO_get_fork_generation()); + EXPECT_EQ(start, CRYPTO_get_fork_ube_generation()); fflush(stderr); const pid_t child = fork(); @@ -165,7 +165,7 @@ TEST(ForkDetect, Test) { EXPECT_EQ(0, WEXITSTATUS(status)) << "Error in child process"; // We still observe |start|. - EXPECT_EQ(start, CRYPTO_get_fork_generation()); + EXPECT_EQ(start, CRYPTO_get_fork_ube_generation()); } #endif // OPENSSL_LINUX && !OPENSSL_TSAN diff --git a/crypto/ube/internal.h b/crypto/ube/internal.h index 1f05fde9132..280453f9abe 100644 --- a/crypto/ube/internal.h +++ b/crypto/ube/internal.h @@ -31,12 +31,12 @@ extern "C" { // entries will immediately return. OPENSSL_EXPORT int CRYPTO_get_ube_generation_number(uint64_t *current_generation_number); -// set_fork_generation_number_FOR_TESTING sets the fork generation number to the -// value |fork_gn|. This value will be the fork generation value used by the UBE -// logic, overriding the generation number from the real fork detection. +// set_fork_ube_generation_number_FOR_TESTING sets the fork generation number to +// the value |fork_gn|. This value will be the fork generation value used by the +// UBE logic, overriding the generation number from the real fork detection. // |allow_mocked_ube_detection_FOR_TESTING| must have been invoked // (once per-process) to allow mocking the fork generation number. -OPENSSL_EXPORT void set_fork_generation_number_FOR_TESTING(uint64_t fork_gn); +OPENSSL_EXPORT void set_fork_ube_generation_number_FOR_TESTING(uint64_t fork_gn); // set_vm_ube_generation_number_FOR_TESTING sets the vm_ube generation // number to the value |vm_ube_gn|. This value will be the vm_ube generation diff --git a/crypto/ube/ube.c b/crypto/ube/ube.c index 27c6706ffb2..4ef0892d5c9 100644 --- a/crypto/ube/ube.c +++ b/crypto/ube/ube.c @@ -3,7 +3,7 @@ #include -#include "fork_detect.h" +#include "fork_ube_detect.h" #include "vm_ube_detect.h" #include "internal.h" @@ -46,7 +46,7 @@ static uint8_t ube_detection_unavailable = 0; static uint8_t allow_mocked_detection = 0; static uint64_t override_fork_generation_number = 0; -void set_fork_generation_number_FOR_TESTING(uint64_t fork_gn) { +void set_fork_ube_generation_number_FOR_TESTING(uint64_t fork_gn) { CRYPTO_STATIC_MUTEX_lock_write(&ube_testing_lock); override_fork_generation_number = fork_gn; CRYPTO_STATIC_MUTEX_unlock_write(&ube_testing_lock); @@ -78,7 +78,7 @@ static int get_fork_generation_number(uint64_t *gn) { return 1; } - uint64_t fork_gn = CRYPTO_get_fork_generation(); + uint64_t fork_gn = CRYPTO_get_fork_ube_generation(); if (fork_gn == 0) { return 0; } @@ -283,6 +283,6 @@ void disable_mocked_ube_detection_FOR_TESTING(void) { allow_mocked_detection = 0; CRYPTO_STATIC_MUTEX_unlock_write(&ube_testing_lock); - set_fork_generation_number_FOR_TESTING(0); + set_fork_ube_generation_number_FOR_TESTING(0); set_vm_ube_generation_number_FOR_TESTING(0); } diff --git a/crypto/ube/ube_test.cc b/crypto/ube/ube_test.cc index 3eeb2ae2647..1a8e9b56e49 100644 --- a/crypto/ube/ube_test.cc +++ b/crypto/ube/ube_test.cc @@ -134,7 +134,7 @@ TEST_F(ubeGenerationNumberTest, MockedDetectionMethodTests) { MockedDetectionMethodTest( [](uint32_t gn) { - set_fork_generation_number_FOR_TESTING(static_cast(gn)); + set_fork_ube_generation_number_FOR_TESTING(static_cast(gn)); } ); @@ -146,14 +146,14 @@ TEST_F(ubeGenerationNumberTest, MockedDetectionMethodTests) { MockedDetectionMethodTest( [](uint32_t gn) { - set_fork_generation_number_FOR_TESTING(static_cast(gn)); + set_fork_ube_generation_number_FOR_TESTING(static_cast(gn)); set_vm_ube_generation_number_FOR_TESTING(gn); } ); MockedDetectionMethodTest( [](uint32_t gn) { - set_fork_generation_number_FOR_TESTING(static_cast(gn)); + set_fork_ube_generation_number_FOR_TESTING(static_cast(gn)); set_vm_ube_generation_number_FOR_TESTING(gn + 1); } ); diff --git a/util/all_tests.json b/util/all_tests.json index 5718347f82d..9f80db391a4 100644 --- a/util/all_tests.json +++ b/util/all_tests.json @@ -88,35 +88,35 @@ "target_arch": "x86" }, { - "comment": "No RDRAND and without fork detection", + "comment": "No RDRAND and without fork UBE detection", "cmd": ["crypto/urandom_test"], - "env": ["OPENSSL_ia32cap=~0x4000000000000000", "BORINGSSL_IGNORE_FORK_DETECTION=1"], + "env": ["OPENSSL_ia32cap=~0x4000000000000000", "AWSLC_IGNORE_FORK_UBE_DETECTION=1"], "skip_valgrind": true, "target_arch": "x86" }, { - "comment": "Potentially with RDRAND, but not Intel, and without fork detection", + "comment": "Potentially with RDRAND, but not Intel, and without fork UBE detection", "cmd": ["crypto/urandom_test"], - "env": ["OPENSSL_ia32cap=~0x0000000040000000", "BORINGSSL_IGNORE_FORK_DETECTION=1"], + "env": ["OPENSSL_ia32cap=~0x0000000040000000", "AWSLC_IGNORE_FORK_UBE_DETECTION=1"], "skip_valgrind": true, "target_arch": "x86" }, { - "comment": "Run RAND test suite without fork detection", + "comment": "Run RAND test suite without fork UBE detection", "cmd": ["crypto/crypto_test", "--gtest_filter=RandTest.*:-RandTest.Fork"], - "env": ["BORINGSSL_IGNORE_FORK_DETECTION=1"], + "env": ["AWSLC_IGNORE_FORK_UBE_DETECTION=1"], "skip_valgrind": true }, { "comment": "Run RAND test suite without MADV_WIPEONFORK enabled", "cmd": ["crypto/crypto_test", "--gtest_filter=RandTest.*"], - "env": ["BORINGSSL_IGNORE_FORK_DETECTION=1"], + "env": ["AWSLC_IGNORE_FORK_UBE_DETECTION=1"], "skip_valgrind": true }, { "comment": "Run fork detection test suite without MADV_WIPEONFORK enabled", "cmd": ["crypto/crypto_test", "--gtest_filter=ForkDetect.*"], - "env": ["BORINGSSL_IGNORE_FORK_DETECTION=1"], + "env": ["AWSLC_IGNORE_FORK_UBE_DETECTION=1"], "skip_valgrind": true }, { From 987287dfd84553ab9ef48595b65ba1895cc2622a Mon Sep 17 00:00:00 2001 From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com> Date: Tue, 4 Nov 2025 16:27:16 -0800 Subject: [PATCH 2/2] Correct renaming --- crypto/ube/fork_ube_detect.c | 4 ++-- crypto/ube/fork_ube_detect.h | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/crypto/ube/fork_ube_detect.c b/crypto/ube/fork_ube_detect.c index 49697dc18a2..68d562ad420 100644 --- a/crypto/ube/fork_ube_detect.c +++ b/crypto/ube/fork_ube_detect.c @@ -275,7 +275,7 @@ uint64_t CRYPTO_get_fork_ube_generation(void) { // fork detection support. Returning a constant non zero value makes BoringSSL // assume address space duplication is not a concern and adding entropy to // every RAND_bytes call is not needed. -uint64_t CRYPTO_get_fgn(void) { return 0xc0ffee; } +uint64_t CRYPTO_get_fork_ube_generation(void) { return 0xc0ffee; } #else @@ -283,7 +283,7 @@ uint64_t CRYPTO_get_fgn(void) { return 0xc0ffee; } // place. Returning a constant zero value makes BoringSSL assume that address // space duplication could have occured on any call entropy must be added to // every RAND_bytes call. -uint64_t CRYPTO_get_fgn(void) { return 0; } +uint64_t CRYPTO_get_fork_ube_generation(void) { return 0; } #endif // defined(AWSLC_FORK_UBE_DETECTION_SUPPORTED) diff --git a/crypto/ube/fork_ube_detect.h b/crypto/ube/fork_ube_detect.h index f91299d1056..9856461628a 100644 --- a/crypto/ube/fork_ube_detect.h +++ b/crypto/ube/fork_ube_detect.h @@ -24,11 +24,11 @@ extern "C" { #endif -// crypto_get_fork_generation returns the fork generation number for the current -// process, or zero if not supported on the platform. The fork generation number -// is a non-zero, strictly-monotonic counter with the property that, if queried -// in an address space and then again in a subsequently forked copy, the forked -// address space will observe a greater value. +// CRYPTO_get_fork_ube_generation returns the fork generation number for the +// current process, or zero if not supported on the platform. The fork +// generation number is a non-zero, strictly-monotonic counter with the property +// that, if queried in an address space and then again in a subsequently forked +// copy, the forked address space will observe a greater value. // // This function may be used to clear cached values across a fork. When // initializing a cache, record the fork generation. Before using the cache,