Re: [exim-dev] Question on OpenSSL random/fork fix

Top Page

Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] Question on OpenSSL random/fork fix
On Fri, Oct 25, 2013 at 01:49:20PM -0400, Jeffrey Walton wrote:

> Forgive me for my ignorance here. I'm surveying methods to fix the
> problems with OpenSSL's PRNG after a fork.
>
> It looks like Exim calls RAND_cleanup after a fork.


Sure.

> It also looks like OpenSSL's RAND_cleanup clears the state *and*
> replaces the random method with NULL. From rand_lib.c:
>
> void RAND_cleanup(void)
>     {
>     const RAND_METHOD *meth = RAND_get_rand_method();
>     if (meth && meth->cleanup)
>         meth->cleanup();
>     RAND_set_rand_method(NULL);
>     }


[ And for the RAND_SSLeay method, it clears the "initialized" boolean,
so that the generator performs internal reseeding via RAND_poll() next
time RAND_status() is called. ]

Yes, but then the next call to RAND_get_rand_method() will reset the
method to RAND_SSELeay():

    const RAND_METHOD *RAND_get_rand_method(void)
        {
        if (!default_RAND_meth)
            {
    #ifndef OPENSSL_NO_ENGINE
            ENGINE *e = ENGINE_get_default_RAND();
            if(e)
                {
                default_RAND_meth = ENGINE_get_RAND(e);
                if(!default_RAND_meth)
                    {
                    ENGINE_finish(e);
                    e = NULL;
                    }
                }
            if(e)
                funct_ref = e;
            else
    #endif
                default_RAND_meth = RAND_SSLeay();
            }
        return default_RAND_meth;
        }


> That means the call to RAND_seed should that follows should fail:
> [...]


The rest of analysis is therefore invalid (conclusions based on a
false premise).

-- 
    Viktor.