author | Phil Pennock <pdp@exim.org> | 2013-04-02 12:37:03 -0400 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2013-04-02 12:37:03 -0400 |
commit | de6135a0cbbeb4fbae7233a40563a241de1c237b (patch) | |
tree | cc6753844f8b0da3e6abafe9ec5ea662eeb297ff | |
parent | 700d22f3fc0cc559170e8085a1b799b61dceb738 (diff) |
Ensure OpenSSL entropy state reset across forks.
Note that this function is never going to be called pre-fork unless the
admin is doing something highly unusual with ${randint:..} in a context
evaluated in the listening daemon. Other forks should result in a
re-exec(), thus resetting state.
Nonetheless, be more cautious, explicitly reset state.
Fix per PostgreSQL.
PS: why does OpenSSL not document RAND_cleanup() on the same page as all
the other entropy pool maintenance functions?
-rw-r--r-- | src/src/tls-openssl.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 42afd3949..18cb787a5 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -1753,12 +1753,26 @@ vaguely_random_number(int max) { unsigned int r; int i, needed_len; +static pid_t pidlast = 0; +pid_t pidnow; uschar *p; uschar smallbuf[sizeof(r)]; if (max <= 1) return 0; +pidnow = getpid(); +if (pidnow != pidlast) + { + /* Although OpenSSL documents that "OpenSSL makes sure that the PRNG state + is unique for each thread", this doesn't apparently apply across processes, + so our own warning from vaguely_random_number_fallback() applies here too. + Fix per PostgreSQL. */ + if (pidlast != 0) + RAND_cleanup(); + pidlast = pidnow; + } + /* OpenSSL auto-seeds from /dev/random, etc, but this a double-check. */ if (!RAND_status()) { |
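Review bot: The `if (pidlast != 0)` guard in front of `RAND_cleanup()` means the reset only runs when an ancestor process had already called vaguely_random_number() before forking. On the first call in a process whose ancestors never reached this function, `pidlast` is still 0, so whatever PRNG state was inherited is kept. The commit message relies on other forks going through a re-exec, but the new code comment does not say so. Either state that assumption in the comment next to the guard, or drop the guard so the first call in each process also resets. It would also help for the comment to note that, after the cleanup, the code depends on OpenSSL auto-seeding again, with the existing `RAND_status()` check below acting as the double-check.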