Hi All,
Forgive me for my ignorance here. I'm surveying methods to fix the
problems with OpenSSL's PRNG after a fork.
It looks like Exim calls RAND_cleanup after a fork.
https://lists.exim.org/lurker/message/20130402.171710.92f14a60.el.html
and
http://git.exim.org/exim.git/blob/de6135a0cbbeb4fbae7233a40563a241de1c237b:/src/src/tls-openssl.c.
It also looks like OpenSSL's RAND_cleanup clears the state *and*
replaces the random method with NULL. From rand_lib.c:

    void RAND_cleanup(void)
    {
        const RAND_METHOD *meth = RAND_get_rand_method();
        if (meth && meth->cleanup)
            meth->cleanup();
        RAND_set_rand_method(NULL);
    }

That means the call to RAND_seed that follows should fail:

    void RAND_seed(const void *buf, int num)
    {
        const RAND_METHOD *meth = RAND_get_rand_method();
        if (meth && meth->seed)
            meth->seed(buf,num);
    }

And I believe subsequent calls to RAND_bytes or RAND_pseudo_bytes will also fail:

    int RAND_bytes(unsigned char *buf, int num)
    {
        const RAND_METHOD *meth = RAND_get_rand_method();
        if (meth && meth->bytes)
            return meth->bytes(buf,num);
        return(-1);
    }

    int RAND_pseudo_bytes(unsigned char *buf, int num)
    {
        const RAND_METHOD *meth = RAND_get_rand_method();
        if (meth && meth->pseudorand)
            return meth->pseudorand(buf,num);
        return(-1);
    }

Somewhat interesting in a morbid sort of way, it looks like the call
to RAND_status is useful because it returns 0:

    int RAND_status(void)
    {
        const RAND_METHOD *meth = RAND_get_rand_method();
        if (meth && meth->status)
            return meth->status();
        return 0;
    }

Sorry to bring this up. I'm probably missing something obvious.
Thanks in advance.
Jeffrey Walton
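
The fork problem that motivates a post-fork reset, as an added example that is not part of the original post and is not OpenSSL or Exim code: a child inherits a byte-for-byte copy of the parent's in-memory PRNG state, so both processes draw the same value unless the child changes that state first. The xorshift generator and the names toy_rand, toy_reseed_after_fork and fork_outputs_collide are hypothetical stand-ins, and the seed is a constructed value.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy userspace PRNG state (constructed seed); stands in for any in-memory pool. */
static uint64_t prng_state = 0x9E3779B97F4A7C15ULL;

static uint64_t toy_rand(void)
{
    prng_state ^= prng_state << 13;   /* xorshift64 step */
    prng_state ^= prng_state >> 7;
    prng_state ^= prng_state << 17;
    return prng_state;
}

/* Hypothetical post-fork hook: perturb the state with the child's PID.
   A real fix would also pull fresh entropy from the OS. */
static void toy_reseed_after_fork(void)
{
    prng_state ^= (uint64_t)getpid() * 0xD6E8FEB86659FD93ULL;
    if (prng_state == 0) prng_state = 1;   /* xorshift must not sit at zero */
}

/* Fork, draw one value in each process. Returns 1 if parent and child
   drew the same value, 0 if they differ, -1 on error. */
int fork_outputs_collide(int reseed_in_child)
{
    int fd[2];
    uint64_t child_val = 0;
    ssize_t n;
    pid_t pid;

    if (pipe(fd) != 0) return -1;
    pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                          /* child: inherited state copy */
        if (reseed_in_child) toy_reseed_after_fork();
        child_val = toy_rand();
        n = write(fd[1], &child_val, sizeof child_val);
        _exit(n == (ssize_t)sizeof child_val ? 0 : 1);
    }
    close(fd[1]);
    n = read(fd[0], &child_val, sizeof child_val);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof child_val) return -1;
    return toy_rand() == child_val;          /* parent draws from its own copy */
}

int main(void) { printf("no reseed: %d, reseed: %d\n", fork_outputs_collide(0), fork_outputs_collide(1)); return 0; }
```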