fix: close all /dev/urandom open fds (#4835)

Author: boquan-fang

tests/unit/s2n_drbg_test.c

@@ -296,7 +296,9 @@ int check_drgb_version(s2n_drbg_mode mode, int (*generator)(void *, uint32_t), i
         POSIX_GUARD(s2n_stuffer_read(&personalization, &personalization_string));
 
         /* Over-ride the entropy sources */
+        POSIX_GUARD_RESULT(s2n_rand_cleanup());
         POSIX_GUARD(s2n_rand_set_callbacks(nist_fake_entropy_init_cleanup, nist_fake_entropy_init_cleanup, generator, generator));
+        POSIX_GUARD_RESULT(s2n_rand_init());
 
         /* Instantiate the DRBG */
         POSIX_GUARD_RESULT(s2n_drbg_instantiate(&nist_drbg, &personalization_string, mode));

tests/unit/s2n_fork_generation_number_test.c

@@ -189,8 +189,7 @@ static int s2n_unit_test_clone_child_process(void *parent_process_fgn)
     /* Verify in threads */
     EXPECT_EQUAL(s2n_unit_test_thread(return_fork_generation_number), S2N_SUCCESS);
 
-    /* This translates to the exit code for this child process */
-    return EXIT_SUCCESS;
+    exit(EXIT_SUCCESS);
 }
 
 #define PROCESS_CHILD_STACK_SIZE (1024 * 1024) /* Suggested by clone() man page... */

tests/unit/s2n_override_openssl_random_test.c

@@ -100,7 +100,10 @@ int main(int argc, char **argv)
     /* Set s2n_random to use a new fixed DRBG to test that other known answer tests with s2n_random and OpenSSL are deterministic */
     EXPECT_OK(s2n_stuffer_alloc_from_hex(&test_entropy, reference_entropy_hex));
     struct s2n_drbg drbg;
+
+    POSIX_GUARD_RESULT(s2n_rand_cleanup());
     EXPECT_SUCCESS(s2n_rand_set_callbacks(s2n_entropy_init_cleanup, s2n_entropy_init_cleanup, s2n_entropy_generator, s2n_entropy_generator));
+    POSIX_GUARD_RESULT(s2n_rand_init());
 
     s2n_stack_blob(personalization_string, 32, 32);
     EXPECT_OK(s2n_drbg_instantiate(&drbg, &personalization_string, S2N_AES_256_CTR_NO_DF_PR));

tests/unit/s2n_random_test.c

@@ -840,9 +840,13 @@ static int s2n_random_invalid_urandom_fd_cb(struct random_test_case *test_case)
 
         EXPECT_TRUE(dev_urandom->fd > STDERR_FILENO);
         if (test == 0) {
-            /* Close the file descriptor. */
+            /* Test 0 tests for closed dev_urandom fd */
             EXPECT_EQUAL(close(dev_urandom->fd), 0);
         } else {
+            /* Test 1 tests for invalid value for dev_urandom.
+             * Needs to close the previously set dev_urandom fd
+             * before making it invalid. */
+            EXPECT_EQUAL(close(dev_urandom->fd), 0);
             /* Make the file descriptor invalid by pointing it to STDERR. */
             dev_urandom->fd = STDERR_FILENO;
         }