From 448eb31ad6509016a2414f506cead046e0d27d52 Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@cheimes.de>
Date: Tue, 29 Oct 2013 20:50:01 +0100
Subject: [PATCH] Issue #19227 / Issue #18747: Remove pthread_atfork() handler
 to remove OpenSSL re-seeding It is causing trouble like e.g. hanging
 processes.

---
 Modules/_ssl.c | 65 --------------------------------------------------
 1 file changed, 65 deletions(-)

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index d95568cf16..ba64555799 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -19,9 +19,6 @@
 #ifdef WITH_THREAD
 #include "pythread.h"
 
-#ifdef HAVE_PTHREAD_ATFORK
-#  include <pthread.h>
-#endif
 
 #define PySSL_BEGIN_ALLOW_THREADS { \
             PyThreadState *_save = NULL;  \
@@ -1627,64 +1624,6 @@ Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\
 Returns number of bytes read.  Raises SSLError if connection to EGD\n\
 fails or if it does not provide enough data to seed PRNG.");
 
-/* Seed OpenSSL's PRNG at fork(), http://bugs.python.org/issue18747
- *
- * The parent handler seeds the PRNG from pseudo-random data like pid, the
- * current time (miliseconds or seconds) and an uninitialized array.
- * The array contains stack variables that are impossible to predict
- * on most systems, e.g. function return address (subject to ASLR), the
- * stack protection canary and automatic variables.
- * The code is inspired by Apache's ssl_rand_seed() function.
- *
- * Note:
- * The code uses pthread_atfork() until Python has a proper atfork API. The
- * handlers are not removed from the child process. A parent handler is used
- * instead of a child handler because fork() is supposed to be async-signal
- * safe but the handler calls unsafe functions.
- */
-
-#if defined(HAVE_PTHREAD_ATFORK) && defined(WITH_THREAD)
-#define PYSSL_RAND_ATFORK 1
-
-static void
-PySSL_RAND_atfork_parent(void)
-{
-    struct {
-        char stack[128];    /* uninitialized (!) stack data, 128 is an
-                               arbitrary number. */
-        pid_t pid;          /* current pid */
-        time_t time;        /* current time */
-    } seed;
-
-#ifdef WITH_VALGRIND
-    VALGRIND_MAKE_MEM_DEFINED(seed.stack, sizeof(seed.stack));
-#endif
-    seed.pid = getpid();
-    seed.time = time(NULL);
-    RAND_add((unsigned char *)&seed, sizeof(seed), 0.0);
-}
-
-static int
-PySSL_RAND_atfork(void)
-{
-    static int registered = 0;
-    int retval;
-
-    if (registered)
-        return 0;
-
-    retval = pthread_atfork(NULL,                     /* prepare */
-                            PySSL_RAND_atfork_parent, /* parent */
-                            NULL);                    /* child */
-    if (retval != 0) {
-        PyErr_SetFromErrno(PyExc_OSError);
-        return -1;
-    }
-    registered = 1;
-    return 0;
-}
-#endif /* HAVE_PTHREAD_ATFORK */
-
 #endif /* HAVE_OPENSSL_RAND */
 
 
@@ -1899,8 +1838,4 @@ init_ssl(void)
     if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r))
         return;
 
-#ifdef PYSSL_RAND_ATFORK
-    if (PySSL_RAND_atfork() == -1)
-        return;
-#endif
 }
-- 
2.50.1