From de6135a0cbbeb4fbae7233a40563a241de1c237b Mon Sep 17 00:00:00 2001
From: Phil Pennock
Date: Tue, 2 Apr 2013 12:37:03 -0400
Subject: [PATCH] Ensure OpenSSL entropy state reset across forks.
Note that this function is never going to be called pre-fork unless the admin is doing something highly unusual with ${randint:..} in a context evaluated in the listening daemon. Other forks should result in a re-exec(), thus resetting state. Nonetheless, be more cautious, explicitly reset state. Fix per PostgreSQL. PS: why does OpenSSL not document RAND_cleanup() on the same page as all the other entropy pool maintenance functions?
---
 src/src/tls-openssl.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 42afd3949..18cb787a5 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1753,12 +1753,26 @@ vaguely_random_number(int max)
 {
 unsigned int r;
 int i, needed_len;
+static pid_t pidlast = 0;
+pid_t pidnow;
 uschar *p;
 uschar smallbuf[sizeof(r)];
 if (max <= 1)
 return 0;
+pidnow = getpid();
+if (pidnow != pidlast)
+ {
+ /* Although OpenSSL documents that "OpenSSL makes sure that the PRNG state
+ is unique for each thread", this doesn't apparently apply across processes,
+ so our own warning from vaguely_random_number_fallback() applies here too.
+ Fix per PostgreSQL. */
+ if (pidlast != 0)
+ RAND_cleanup();
+ pidlast = pidnow;
+ }
+
 /* OpenSSL auto-seeds from /dev/random, etc, but this a double-check. */
 if (!RAND_status())
 {
--
2.25.1
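Review bot: The `if (pidlast != 0)` guard means the reset only fires when an ancestor process had already called vaguely_random_number(); a child whose first call comes after the fork sees `pidlast == 0` and keeps whatever OpenSSL PRNG state it inherited, for instance state seeded by other OpenSSL use in the parent. Nothing in the hunk shows what the daemon does with OpenSSL pre-fork, but if that case matters, dropping the guard so the first call in every process also runs `RAND_cleanup();` costs only one reseed. Comparing pids is also best-effort fork detection, since a descendant that ends up with the recorded pid after wraparound is not caught; a comment such as `/* pid comparison is a heuristic; pid reuse is not detected */` above `if (pidnow != pidlast)` would record that. Anyone carrying this pattern forward should also note that `RAND_cleanup()` is deprecated and does nothing from OpenSSL 1.1.0 onwards, so the reset silently disappears there. The function starts before and continues past this hunk, so the reseed path after `RAND_status()` is not visible here.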