[openssl-commits] [openssl] master update

matthias.st.pierre at ncp-e.com matthias.st.pierre at ncp-e.com
Wed Aug 22 14:01:45 UTC 2018 

The branch master has been updated
       via  bc420ebea2c5ad813779ac3395f1c5a1083d49c5 (commit)
      from  a21285b3636a8356f01027416b0cd43b016f58ca (commit)


- Log -----------------------------------------------------------------
commit bc420ebea2c5ad813779ac3395f1c5a1083d49c5
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date:   Tue Aug 21 22:51:28 2018 +0200

    rand_lib.c: Don't open random devices while cleaning up.
    
    Fixes #7022
    
    In pull request #6432 a change was made to keep the handles to the
    random devices opened in order to avoid reseeding problems for
    applications in chroot environments.
    
    As a consequence, the handles of the random devices were leaked at exit
    if the random generator was not used by the application. This happened,
    because the call to RAND_set_rand_method(NULL) in rand_cleanup_int()
    triggered a call to the call_once function do_rand_init, which opened
    the random devices via rand_pool_init().
    
    Thanks to GitHub user @bwelling for reporting this issue.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7023)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rand/rand_lib.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 6123d14..e9bc952 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -31,6 +31,8 @@ int rand_fork_count;
 static CRYPTO_RWLOCK *rand_nonce_lock;
 static int rand_nonce_count;
 
+static int rand_cleaning_up = 0;
+
 #ifdef OPENSSL_RAND_SEED_RDTSC
 /*
  * IMPORTANT NOTE:  It is not currently possible to use this code
@@ -324,7 +326,7 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init)
     if (rand_nonce_lock == NULL)
         goto err2;
 
-    if (!rand_pool_init())
+    if (!rand_cleaning_up && !rand_pool_init())
         goto err3;
 
     return 1;
@@ -346,10 +348,12 @@ void rand_cleanup_int(void)
 {
     const RAND_METHOD *meth = default_RAND_meth;
 
+    rand_cleaning_up = 1;
+
     if (meth != NULL && meth->cleanup != NULL)
         meth->cleanup();
-    rand_pool_cleanup();
     RAND_set_rand_method(NULL);
+    rand_pool_cleanup();
 #ifndef OPENSSL_NO_ENGINE
     CRYPTO_THREAD_lock_free(rand_engine_lock);
     rand_engine_lock = NULL;

More information about the openssl-commits mailing list