Fixes #7022
In pull request #6432 a change was made to keep the handles to the
random devices opened in order to avoid reseeding problems for
applications in chroot environments.
As a consequence, the handles of the random devices were leaked at exit
if the random generator was not used by the application. This happened,
because the call to RAND_set_rand_method(NULL) in rand_cleanup_int()
triggered a call to the call_once function do_rand_init, which opened
the random devices via rand_pool_init().
Thanks to GitHub user @bwelling for reporting this issue.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7023)
static CRYPTO_RWLOCK *rand_nonce_lock;
static int rand_nonce_count;
+static int rand_cleaning_up = 0;
+
#ifdef OPENSSL_RAND_SEED_RDTSC
/*
* IMPORTANT NOTE: It is not currently possible to use this code
if (rand_nonce_lock == NULL)
goto err2;
- if (!rand_pool_init())
+ if (!rand_cleaning_up && !rand_pool_init())
goto err3;
return 1;
{
const RAND_METHOD *meth = default_RAND_meth;
+ rand_cleaning_up = 1;
+
if (meth != NULL && meth->cleanup != NULL)
meth->cleanup();
- rand_pool_cleanup();
RAND_set_rand_method(NULL);
+ rand_pool_cleanup();
#ifndef OPENSSL_NO_ENGINE
CRYPTO_THREAD_lock_free(rand_engine_lock);
rand_engine_lock = NULL;