Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.

A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
This commit is contained in:
Christian Heimes 2013-08-21 13:26:05 +02:00
parent b1973c252c
commit f77b4b20e9
6 changed files with 123 additions and 0 deletions

View File

@ -130,6 +130,38 @@ class BasicSocketTests(unittest.TestCase):
self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1) self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
ssl.RAND_add("this is a random string", 75.0) ssl.RAND_add("this is a random string", 75.0)
@unittest.skipUnless(os.name == 'posix', 'requires posix')
def test_random_fork(self):
status = ssl.RAND_status()
if not status:
self.fail("OpenSSL's PRNG has insufficient randomness")
rfd, wfd = os.pipe()
pid = os.fork()
if pid == 0:
try:
os.close(rfd)
child_random = ssl.RAND_pseudo_bytes(16)[0]
self.assertEqual(len(child_random), 16)
os.write(wfd, child_random)
os.close(wfd)
except BaseException:
os._exit(1)
else:
os._exit(0)
else:
os.close(wfd)
self.addCleanup(os.close, rfd)
_, status = os.waitpid(pid, 0)
self.assertEqual(status, 0)
child_random = os.read(rfd, 16)
self.assertEqual(len(child_random), 16)
parent_random = ssl.RAND_pseudo_bytes(16)[0]
self.assertEqual(len(parent_random), 16)
self.assertNotEqual(child_random, parent_random)
def test_parse_cert(self): def test_parse_cert(self):
# note that this uses an 'unofficial' function in _ssl.c, # note that this uses an 'unofficial' function in _ssl.c,
# provided solely for this test, to exercise the certificate # provided solely for this test, to exercise the certificate

View File

@ -66,6 +66,10 @@ Core and Builtins
Library Library
------- -------
- Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
- Issue #8865: Concurrent invocation of select.poll.poll() now raises a - Issue #8865: Concurrent invocation of select.poll.poll() now raises a
RuntimeError exception. Patch by Christian Schubert. RuntimeError exception. Patch by Christian Schubert.

View File

@ -18,6 +18,11 @@
#ifdef WITH_THREAD #ifdef WITH_THREAD
#include "pythread.h" #include "pythread.h"
#ifdef HAVE_PTHREAD_ATFORK
# include <pthread.h>
#endif
#define PySSL_BEGIN_ALLOW_THREADS_S(save) \ #define PySSL_BEGIN_ALLOW_THREADS_S(save) \
do { if (_ssl_locks_count>0) { (save) = PyEval_SaveThread(); } } while (0) do { if (_ssl_locks_count>0) { (save) = PyEval_SaveThread(); } } while (0)
#define PySSL_END_ALLOW_THREADS_S(save) \ #define PySSL_END_ALLOW_THREADS_S(save) \
@ -2578,7 +2583,69 @@ Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\
Returns number of bytes read. Raises SSLError if connection to EGD\n\ Returns number of bytes read. Raises SSLError if connection to EGD\n\
fails or if it does not provide enough data to seed PRNG."); fails or if it does not provide enough data to seed PRNG.");
/* Seed OpenSSL's PRNG at fork(), http://bugs.python.org/issue18747
*
* The child handler seeds the PRNG from pseudo-random data like pid, the
* current time (nanoseconds, miliseconds or seconds) and an uninitialized
* array. The array contains stack variables that are impossible to predict
* on most systems, e.g. function return address (subject to ASLR), the
* stack protection canary and automatic variables.
* The code is inspired by Apache's ssl_rand_seed() function.
*
* Note:
* The code uses pthread_atfork() until Python has a proper atfork API. The
* handlers are not removed from the child process.
*/
#if defined(HAVE_PTHREAD_ATFORK) && defined(WITH_THREAD)
#define PYSSL_RAND_ATFORK 1
static void
PySSL_RAND_atfork_child(void)
{
struct {
char stack[128]; /* uninitialized (!) stack data, 128 is an
arbitrary number. */
pid_t pid; /* current pid */
_PyTime_timeval tp; /* current time */
} seed;
#ifdef WITH_VALGRIND
VALGRIND_MAKE_MEM_DEFINED(seed.stack, sizeof(seed.stack));
#endif #endif
seed.pid = getpid();
_PyTime_gettimeofday(&(seed.tp));
#if 0
fprintf(stderr, "PySSL_RAND_atfork_child() seeds %i bytes in pid %i\n",
(int)sizeof(seed), seed.pid);
#endif
RAND_add((unsigned char *)&seed, sizeof(seed), 0.0);
}
static int
PySSL_RAND_atfork(void)
{
static int registered = 0;
int retval;
if (registered)
return 0;
retval = pthread_atfork(NULL, /* prepare */
NULL, /* parent */
PySSL_RAND_atfork_child); /* child */
if (retval != 0) {
PyErr_SetFromErrno(PyExc_OSError);
return -1;
}
registered = 1;
return 0;
}
#endif /* HAVE_PTHREAD_ATFORK */
#endif /* HAVE_OPENSSL_RAND */
@ -2956,5 +3023,10 @@ PyInit__ssl(void)
if (r == NULL || PyModule_AddObject(m, "_OPENSSL_API_VERSION", r)) if (r == NULL || PyModule_AddObject(m, "_OPENSSL_API_VERSION", r))
return NULL; return NULL;
#ifdef PYSSL_RAND_ATFORK
if (PySSL_RAND_atfork() == -1)
return NULL;
#endif
return m; return m;
} }

11
configure vendored
View File

@ -9791,6 +9791,17 @@ $as_echo "#define HAVE_BROKEN_PTHREAD_SIGMASK 1" >>confdefs.h
;; ;;
esac esac
fi
done
for ac_func in pthread_atfork
do :
ac_fn_c_check_func "$LINENO" "pthread_atfork" "ac_cv_func_pthread_atfork"
if test "x$ac_cv_func_pthread_atfork" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_PTHREAD_ATFORK 1
_ACEOF
fi fi
done done

View File

@ -2500,6 +2500,7 @@ if test "$posix_threads" = "yes"; then
[Define if pthread_sigmask() does not work on your system.]) [Define if pthread_sigmask() does not work on your system.])
;; ;;
esac]) esac])
AC_CHECK_FUNCS(pthread_atfork)
fi fi

View File

@ -633,6 +633,9 @@
/* Define if your compiler supports function prototype */ /* Define if your compiler supports function prototype */
#undef HAVE_PROTOTYPES #undef HAVE_PROTOTYPES
/* Define to 1 if you have the `pthread_atfork' function. */
#undef HAVE_PTHREAD_ATFORK
/* Defined for Solaris 2.6 bug in pthread header. */ /* Defined for Solaris 2.6 bug in pthread header. */
#undef HAVE_PTHREAD_DESTRUCTOR #undef HAVE_PTHREAD_DESTRUCTOR