From bc420ebea2c5ad813779ac3395f1c5a1083d49c5 Mon Sep 17 00:00:00 2001 From: "Dr. Matthias St. Pierre" Date: Tue, 21 Aug 2018 22:51:28 +0200 Subject: [PATCH] rand_lib.c: Don't open random devices while cleaning up. Fixes #7022 In pull request #6432 a change was made to keep the handles to the random devices opened in order to avoid reseeding problems for applications in chroot environments. As a consequence, the handles of the random devices were leaked at exit if the random generator was not used by the application. This happened, because the call to RAND_set_rand_method(NULL) in rand_cleanup_int() triggered a call to the call_once function do_rand_init, which opened the random devices via rand_pool_init(). Thanks to GitHub user @bwelling for reporting this issue. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7023) --- crypto/rand/rand_lib.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 6123d148a4..e9bc952210 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -31,6 +31,8 @@ int rand_fork_count; static CRYPTO_RWLOCK *rand_nonce_lock; static int rand_nonce_count; +static int rand_cleaning_up = 0; + #ifdef OPENSSL_RAND_SEED_RDTSC /* * IMPORTANT NOTE: It is not currently possible to use this code @@ -324,7 +326,7 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init) if (rand_nonce_lock == NULL) goto err2; - if (!rand_pool_init()) + if (!rand_cleaning_up && !rand_pool_init()) goto err3; return 1; @@ -346,10 +348,12 @@ void rand_cleanup_int(void) { const RAND_METHOD *meth = default_RAND_meth; + rand_cleaning_up = 1; + if (meth != NULL && meth->cleanup != NULL) meth->cleanup(); - rand_pool_cleanup(); RAND_set_rand_method(NULL); + rand_pool_cleanup(); #ifndef OPENSSL_NO_ENGINE CRYPTO_THREAD_lock_free(rand_engine_lock); rand_engine_lock = NULL; -- 2.34.1