From 85d6043f21bbc8bc3f97f8a8be25581f8bc7f376 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 27 Jul 2019 16:44:53 -0500 Subject: fix osrandom/builtin switching methods for 1.1.0+ (#4955) * fix osrandom/builtin switching methods for 1.1.0+ In 1.1.0 RAND_cleanup became a no-op. This broke changing to the builtin random engine via activate_builtin_random(). Fixed by directly calling RAND_set_rand_method. This works on 1.0.x and 1.1.x * missed an assert --- src/cryptography/hazmat/backends/openssl/backend.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'src/cryptography/hazmat/backends/openssl/backend.py') diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index c24d334a..ca8b1b62 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -133,8 +133,9 @@ class Backend(object): e = self._lib.ENGINE_get_default_RAND() if e != self._ffi.NULL: self._lib.ENGINE_unregister_RAND(e) - # Reset the RNG to use the new engine. - self._lib.RAND_cleanup() + # Reset the RNG to use the built-in. + res = self._lib.RAND_set_rand_method(self._ffi.NULL) + self.openssl_assert(res == 1) # decrement the structural reference from get_default_RAND res = self._lib.ENGINE_finish(e) self.openssl_assert(res == 1) @@ -167,8 +168,9 @@ class Backend(object): # Set the engine as the default RAND provider. res = self._lib.ENGINE_set_default_RAND(e) self.openssl_assert(res == 1) - # Reset the RNG to use the new engine. - self._lib.RAND_cleanup() + # Reset the RNG to use the engine + res = self._lib.RAND_set_rand_method(self._ffi.NULL) + self.openssl_assert(res == 1) def osrandom_engine_implementation(self): buf = self._ffi.new("char[]", 64) -- cgit v1.2.3