Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding

tiran · tiran · commit ee0bac66b2f3 · 2013-10-29T21:11:55.000+01:00
It is causing trouble like e.g. hanging processes.
diff --git a/Doc/library/os.rst b/Doc/library/os.rst
@@ -2637,6 +2637,10 @@ written in Python, such as a mail server's external command delivery program.
    Note that some platforms including FreeBSD <= 6.3, Cygwin and OS/2 EMX have
    known issues when using fork() from a thread.
 
+   .. warning::
+
+      See :mod:`ssl` for applications that use the SSL module with fork().
+
    Availability: Unix.
 
 
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
@@ -29,6 +29,14 @@ probably additional platforms, as long as OpenSSL is installed on that platform.
    cause variations in behavior. For example, TLSv1.1 and TLSv1.2 come with
    openssl version 1.0.1.
 
+.. warning::
+
+   OpenSSL's internal random number generator does not properly handle fork.
+   Applications must change the PRNG state of the parent process if they use
+   any SSL feature with with :func:`os.fork`. Any successful call of
+   :func:`~ssl.RAND_add`, :func:`~ssl.RAND_bytes` or
+   :func:`~ssl.RAND_pseudo_bytes` is sufficient.
+
 This section documents the objects and functions in the ``ssl`` module; for more
 general information about TLS, SSL, and certificates, the reader is referred to
 the documents in the "See Also" section at the bottom.
diff --git a/Misc/NEWS b/Misc/NEWS
@@ -28,6 +28,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #19227: Remove pthread_atfork() handler. The handler was added to
+  solve #18747 but has caused issues.
+
 - Issue #19420: Fix reference leak in module initalization code of
   _hashopenssl.c
 
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
@@ -19,9 +19,6 @@
 #ifdef WITH_THREAD
 #include "pythread.h"
 
-#ifdef HAVE_PTHREAD_ATFORK
-#  include <pthread.h>
-#endif
 
 #define PySSL_BEGIN_ALLOW_THREADS_S(save) \
     do { if (_ssl_locks_count>0) { (save) = PyEval_SaveThread(); } } while (0)
@@ -2950,65 +2947,6 @@ Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\
 Returns number of bytes read.  Raises SSLError if connection to EGD\n\
 fails or if it does not provide enough data to seed PRNG.");
 
-/* Seed OpenSSL's PRNG at fork(), http://bugs.python.org/issue18747
- *
- * The prepare handler seeds the PRNG from pseudo-random data like pid, the
- * current time (miliseconds or seconds) and an uninitialized array.
- * The array contains stack variables that are impossible to predict
- * on most systems, e.g. function return address (subject to ASLR), the
- * stack protection canary and automatic variables.
- * The code is inspired by Apache's ssl_rand_seed() function.
- *
- * Note:
- * The code uses pthread_atfork() until Python has a proper atfork API. The
- * handlers are not removed from the child process. A prepare handler is used
- * instead of a child handler because fork() is supposed to be async-signal
- * safe but the handler calls unsafe functions. A parent handler has caused
- * other problems, see issue #19227.
- */
-
-#if defined(HAVE_PTHREAD_ATFORK) && defined(WITH_THREAD)
-#define PYSSL_RAND_ATFORK 1
-
-static void
-PySSL_RAND_atfork_prepare(void)
-{
-    struct {
-        char stack[128];    /* uninitialized (!) stack data, 128 is an
-                               arbitrary number. */
-        pid_t pid;          /* current pid */
-        _PyTime_timeval tp; /* current time */
-    } seed;
-
-#ifdef WITH_VALGRIND
-    VALGRIND_MAKE_MEM_DEFINED(seed.stack, sizeof(seed.stack));
-#endif
-    seed.pid = getpid();
-    _PyTime_gettimeofday(&(seed.tp));
-    RAND_add((unsigned char *)&seed, sizeof(seed), 0.0);
-}
-
-static int
-PySSL_RAND_atfork(void)
-{
-    static int registered = 0;
-    int retval;
-
-    if (registered)
-        return 0;
-
-    retval = pthread_atfork(PySSL_RAND_atfork_prepare, /* prepare */
-                            NULL,                      /* parent */
-                            NULL);                     /* child */
-    if (retval != 0) {
-        PyErr_SetFromErrno(PyExc_OSError);
-        return -1;
-    }
-    registered = 1;
-    return 0;
-}
-#endif /* HAVE_PTHREAD_ATFORK */
-
 #endif /* HAVE_OPENSSL_RAND */
 
 
@@ -3623,10 +3561,5 @@ PyInit__ssl(void)
     if (r == NULL || PyModule_AddObject(m, "_OPENSSL_API_VERSION", r))
         return NULL;
 
-#ifdef PYSSL_RAND_ATFORK
-    if (PySSL_RAND_atfork() == -1)
-        return NULL;
-#endif
-
     return m;
 }
