[exim-cvs] Ensure OpenSSL entropy state reset across forks.

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Exim Git Commits Mailing List
Ημερομηνία:  
Προς: exim-cvs
Αντικείμενο: [exim-cvs] Ensure OpenSSL entropy state reset across forks.
Gitweb: http://git.exim.org/exim.git/commitdiff/de6135a0cbbeb4fbae7233a40563a241de1c237b
Commit:     de6135a0cbbeb4fbae7233a40563a241de1c237b
Parent:     700d22f3fc0cc559170e8085a1b799b61dceb738
Author:     Phil Pennock <pdp@???>
AuthorDate: Tue Apr 2 12:37:03 2013 -0400
Committer:  Phil Pennock <pdp@???>
CommitDate: Tue Apr 2 12:37:03 2013 -0400


    Ensure OpenSSL entropy state reset across forks.


    Note that this function is never going to be called pre-fork unless the
    admin is doing something highly unusual with ${randint:..} in a context
    evaluated in the listening daemon.  Other forks should result in a
    re-exec(), thus resetting state.


    Nonetheless, be more cautious, explicitly reset state.


    Fix per PostgreSQL.


    PS: why does OpenSSL not document RAND_cleanup() on the same page as all
        the other entropy pool maintenance functions?
---
 src/src/tls-openssl.c |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)


diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 42afd39..18cb787 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1753,12 +1753,26 @@ vaguely_random_number(int max)
{
unsigned int r;
int i, needed_len;
+static pid_t pidlast = 0;
+pid_t pidnow;
uschar *p;
uschar smallbuf[sizeof(r)];

if (max <= 1)
return 0;

+pidnow = getpid();
+if (pidnow != pidlast)
+  {
+  /* Although OpenSSL documents that "OpenSSL makes sure that the PRNG state
+  is unique for each thread", this doesn't apparently apply across processes,
+  so our own warning from vaguely_random_number_fallback() applies here too.
+  Fix per PostgreSQL. */
+  if (pidlast != 0)
+    RAND_cleanup();
+  pidlast = pidnow;
+  }
+
 /* OpenSSL auto-seeds from /dev/random, etc, but this a double-check. */
 if (!RAND_status())
   {