[Bug 1701] FIPS-140-2 requires call to RAND_cleanup() before the program using RAND exits

bugzilla-daemon at bugzilla.mindrot.org
Tue Apr 6 16:47:27 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1701

Tomas Mraz <t8m at centrum.cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |t8m at centrum.cz

--- Comment #3 from Tomas Mraz <t8m at centrum.cz> 2010-04-06 16:47:25 EST ---
RAND_cleanup() is not signal safe if the rand generator is supplied by
an engine which would be released by the call (no other references than
the generator). But this is irrelevant anyway as the functions
registered with atexit() are called only in exit() calls and not in the
default signal handler termination or in _exit().

If openssh called exit() in a signal handler it would be a security
problem anyway as this is a signal handler unsafe call itself.
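
The behaviour described in the comment above can be checked directly. The following C program is an added example, not part of the original comment or of OpenSSH; `cleanup_handler` is a hypothetical stand-in for a cleanup such as RAND_cleanup(), and each termination path runs in a forked child that reports through a pipe whether its atexit() handler ran.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

enum exit_path { VIA_EXIT, VIA_UNDERSCORE_EXIT, VIA_DEFAULT_SIGTERM };
static int report_fd = -1; /* write end of the pipe, set in the child only */

/* Hypothetical stand-in for a cleanup such as RAND_cleanup(): records that it ran. */
static void cleanup_handler(void)
{
    ssize_t r = write(report_fd, "C", 1);
    (void)r;
}

/* 1 if the atexit() handler ran in a child ending via `path`, 0 if not, -1 on error. */
int cleanup_ran(enum exit_path path)
{
    int fds[2];
    char byte;
    fflush(NULL);                          /* keep buffered stdio out of the child */
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        close(fds[0]);
        report_fd = fds[1];
        atexit(cleanup_handler);
        if (path == VIA_EXIT) exit(0);              /* runs atexit() handlers */
        if (path == VIA_UNDERSCORE_EXIT) _exit(0);  /* skips them */
        signal(SIGTERM, SIG_DFL);
        raise(SIGTERM);                    /* default action: terminate, no handlers */
        _exit(1);                          /* only reached if SIGTERM was blocked */
    }
    close(fds[1]);
    ssize_t n = read(fds[0], &byte, 1);    /* EOF (0) means the handler never wrote */
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return n == 1;
}

int main(void)
{
    printf("exit():          handler ran = %d\n", cleanup_ran(VIA_EXIT));
    printf("_exit():         handler ran = %d\n", cleanup_ran(VIA_UNDERSCORE_EXIT));
    printf("default SIGTERM: handler ran = %d\n", cleanup_ran(VIA_DEFAULT_SIGTERM));
    return 0;
}
```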
