[Python-checkins] cpython (2.7): Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL

Tue Oct 29 21:24:35 CET 2013

http://hg.python.org/cpython/rev/ad779da9e351
changeset:   86756:ad779da9e351
branch:      2.7
parent:      86747:e0475c44832f
user:        Christian Heimes <christian at cheimes.de>
date:        Tue Oct 29 20:50:01 2013 +0100
summary:
  Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.

files:
  Modules/_ssl.c |  65 --------------------------------------
  1 files changed, 0 insertions(+), 65 deletions(-)

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -19,9 +19,6 @@
 #ifdef WITH_THREAD
 #include "pythread.h"
 
-#ifdef HAVE_PTHREAD_ATFORK
-#  include <pthread.h>
-#endif
 
 #define PySSL_BEGIN_ALLOW_THREADS { \
             PyThreadState *_save = NULL;  \
@@ -1627,64 +1624,6 @@
 Returns number of bytes read.  Raises SSLError if connection to EGD\n\
 fails or if it does not provide enough data to seed PRNG.");
 
-/* Seed OpenSSL's PRNG at fork(), http://bugs.python.org/issue18747
- *
- * The parent handler seeds the PRNG from pseudo-random data like pid, the
- * current time (miliseconds or seconds) and an uninitialized array.
- * The array contains stack variables that are impossible to predict
- * on most systems, e.g. function return address (subject to ASLR), the
- * stack protection canary and automatic variables.
- * The code is inspired by Apache's ssl_rand_seed() function.
- *
- * Note:
- * The code uses pthread_atfork() until Python has a proper atfork API. The
- * handlers are not removed from the child process. A parent handler is used
- * instead of a child handler because fork() is supposed to be async-signal
- * safe but the handler calls unsafe functions.
- */
-
-#if defined(HAVE_PTHREAD_ATFORK) && defined(WITH_THREAD)
-#define PYSSL_RAND_ATFORK 1
-
-static void
-PySSL_RAND_atfork_parent(void)
-{
-    struct {
-        char stack[128];    /* uninitialized (!) stack data, 128 is an
-                               arbitrary number. */
-        pid_t pid;          /* current pid */
-        time_t time;        /* current time */
-    } seed;
-
-#ifdef WITH_VALGRIND
-    VALGRIND_MAKE_MEM_DEFINED(seed.stack, sizeof(seed.stack));
-#endif
-    seed.pid = getpid();
-    seed.time = time(NULL);
-    RAND_add((unsigned char *)&seed, sizeof(seed), 0.0);
-}
-
-static int
-PySSL_RAND_atfork(void)
-{
-    static int registered = 0;
-    int retval;
-
-    if (registered)
-        return 0;
-
-    retval = pthread_atfork(NULL,                     /* prepare */
-                            PySSL_RAND_atfork_parent, /* parent */
-                            NULL);                    /* child */
-    if (retval != 0) {
-        PyErr_SetFromErrno(PyExc_OSError);
-        return -1;
-    }
-    registered = 1;
-    return 0;
-}
-#endif /* HAVE_PTHREAD_ATFORK */
-
 #endif /* HAVE_OPENSSL_RAND */
 
 
@@ -1899,8 +1838,4 @@
     if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r))
         return;
 
-#ifdef PYSSL_RAND_ATFORK
-    if (PySSL_RAND_atfork() == -1)
-        return;
-#endif
 }

-- 
Repository URL: http://hg.python.org/cpython
