|
19 | 19 | #ifdef WITH_THREAD |
20 | 20 | #include "pythread.h" |
21 | 21 |
|
22 | | -#ifdef HAVE_PTHREAD_ATFORK |
23 | | -# include <pthread.h> |
24 | | -#endif |
25 | 22 |
|
26 | 23 | #define PySSL_BEGIN_ALLOW_THREADS_S(save) \ |
27 | 24 | do { if (_ssl_locks_count>0) { (save) = PyEval_SaveThread(); } } while (0) |
@@ -2584,65 +2581,6 @@ Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\ |
2584 | 2581 | Returns number of bytes read. Raises SSLError if connection to EGD\n\ |
2585 | 2582 | fails or if it does not provide enough data to seed PRNG."); |
2586 | 2583 |
|
2587 | | -/* Seed OpenSSL's PRNG at fork(), http://bugs.python.org/issue18747 |
2588 | | - * |
2589 | | - * The prepare handler seeds the PRNG from pseudo-random data like pid, the |
2590 | | - * current time (miliseconds or seconds) and an uninitialized array. |
2591 | | - * The array contains stack variables that are impossible to predict |
2592 | | - * on most systems, e.g. function return address (subject to ASLR), the |
2593 | | - * stack protection canary and automatic variables. |
2594 | | - * The code is inspired by Apache's ssl_rand_seed() function. |
2595 | | - * |
2596 | | - * Note: |
2597 | | - * The code uses pthread_atfork() until Python has a proper atfork API. The |
2598 | | - * handlers are not removed from the child process. A prepare handler is used |
2599 | | - * instead of a child handler because fork() is supposed to be async-signal |
2600 | | - * safe but the handler calls unsafe functions. A parent handler has caused |
2601 | | - * other problems, see issue #19227. |
2602 | | - */ |
2603 | | - |
2604 | | -#if defined(HAVE_PTHREAD_ATFORK) && defined(WITH_THREAD) |
2605 | | -#define PYSSL_RAND_ATFORK 1 |
2606 | | - |
2607 | | -static void |
2608 | | -PySSL_RAND_atfork_prepare(void) |
2609 | | -{ |
2610 | | - struct { |
2611 | | - char stack[128]; /* uninitialized (!) stack data, 128 is an |
2612 | | - arbitrary number. */ |
2613 | | - pid_t pid; /* current pid */ |
2614 | | - _PyTime_timeval tp; /* current time */ |
2615 | | - } seed; |
2616 | | - |
2617 | | -#ifdef WITH_VALGRIND |
2618 | | - VALGRIND_MAKE_MEM_DEFINED(seed.stack, sizeof(seed.stack)); |
2619 | | -#endif |
2620 | | - seed.pid = getpid(); |
2621 | | - _PyTime_gettimeofday(&(seed.tp)); |
2622 | | - RAND_add((unsigned char *)&seed, sizeof(seed), 0.0); |
2623 | | -} |
2624 | | - |
2625 | | -static int |
2626 | | -PySSL_RAND_atfork(void) |
2627 | | -{ |
2628 | | - static int registered = 0; |
2629 | | - int retval; |
2630 | | - |
2631 | | - if (registered) |
2632 | | - return 0; |
2633 | | - |
2634 | | - retval = pthread_atfork(PySSL_RAND_atfork_prepare, /* prepare */ |
2635 | | - NULL, /* parent */ |
2636 | | - NULL); /* child */ |
2637 | | - if (retval != 0) { |
2638 | | - PyErr_SetFromErrno(PyExc_OSError); |
2639 | | - return -1; |
2640 | | - } |
2641 | | - registered = 1; |
2642 | | - return 0; |
2643 | | -} |
2644 | | -#endif /* HAVE_PTHREAD_ATFORK */ |
2645 | | - |
2646 | 2584 | #endif /* HAVE_OPENSSL_RAND */ |
2647 | 2585 |
|
2648 | 2586 |
|
@@ -3022,10 +2960,5 @@ PyInit__ssl(void) |
3022 | 2960 | if (r == NULL || PyModule_AddObject(m, "_OPENSSL_API_VERSION", r)) |
3023 | 2961 | return NULL; |
3024 | 2962 |
|
3025 | | -#ifdef PYSSL_RAND_ATFORK |
3026 | | - if (PySSL_RAND_atfork() == -1) |
3027 | | - return NULL; |
3028 | | -#endif |
3029 | | - |
3030 | 2963 | return m; |
3031 | 2964 | } |