On 2022/03/02 22:19, Gleydson Soares wrote:
> Hello,
> 
> I have managed to make stunnel build against libressl.
> 
> While working on it, I've triggered a segfault:
> 
> openbsd-arm64$ stunnel
> Segmentation fault (core dumped)
> openbsd-arm64$
> 
> ...
> So I looked at the coredump to find clues:
> 
> Program received signal SIGSEGV, Segmentation fault.
> prng_init (global=0xfb13b5ce8 <new_global_options>)
>     at /usr/ports/pobj/stunnel-5.62/stunnel-5.62/src/ssl.c:357
> 357         if(meth->status==NULL || meth->add==NULL) {
> (gdb)
> 
> Breakpoint 5, prng_init (global=0x8c4385ce8 <new_global_options>)
>     at /usr/ports/pobj/stunnel-5.62/stunnel-5.62/src/ssl.c:354
> 354         const RAND_METHOD *meth=RAND_get_rand_method();
> 
> It has been fixed by wrapping the code path with
> !defined(LIBRESSL_VERSION_NUMBER), RAND_*_rand_method() exist just for

I think that may be an upstream bug, OpenSSL can return NULL for
RAND_get_rand_method too.

351 NOEXPORT int prng_init(GLOBAL_OPTIONS *global) {
352     int totbytes=0;
353     char filename[256];
354     const RAND_METHOD *meth=RAND_get_rand_method();
355 
356     /* skip PRNG initialization when no seeding methods are available */
357     if(meth->status==NULL || meth->add==NULL) {
358         s_log(LOG_DEBUG, "No PRNG seeding methods");
359         return 0; /* success */
360     }
361 
362     if(RAND_status()) {
363         s_log(LOG_DEBUG, "No PRNG seeding was required");
364         return 0; /* success */
365     }

Perhaps they should do "if(meth==NULL || meth->status==NULL [...])".

With stunnel it really feels like the dev is going out of his way to
make the software as annoying as possible to build against LibreSSL.
Which makes me definitely think we should keep building against LibreSSL! :)

> ABI compatibility, the code falls back to "/dev/urandom" afterwards, but
> would be great to use arc4random(3) instead, something like our
> RAND_pseudo_bytes().

No need to do that stuff, it just ends up calling RAND_load_file which
is a noop on LibreSSL.
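A self-contained sketch of the NULL-safe check proposed above, as an added example (not stunnel's or LibreSSL's code); the rand_method_t struct, the enum and the helper name are constructed stand-ins for OpenSSL's RAND_METHOD and prng_init():

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for OpenSSL's RAND_METHOD: only the two function
 * pointers that prng_init() inspects are modelled here. */
typedef struct {
    int (*status)(void);
    int (*add)(const void *buf, int num, double randomness);
} rand_method_t;

/* Constructed return codes mirroring the three branches in prng_init(). */
enum prng_decision { PRNG_SKIP_NO_METHOD = 0, PRNG_SKIP_ALREADY_SEEDED = 1, PRNG_SEED = 2 };

/* Hardened form of the test at ssl.c:357: check the method pointer itself
 * before dereferencing it. A NULL method (what LibreSSL hands back) is
 * treated exactly like a method without seeding hooks. */
static enum prng_decision prng_seeding_decision(const rand_method_t *meth) {
    if (meth == NULL || meth->status == NULL || meth->add == NULL)
        return PRNG_SKIP_NO_METHOD;       /* "No PRNG seeding methods" */
    if (meth->status())                   /* stands in for RAND_status() */
        return PRNG_SKIP_ALREADY_SEEDED;  /* "No PRNG seeding was required" */
    return PRNG_SEED;                     /* fall through to seeding */
}

/* Constructed sample methods to exercise each branch. */
static int seeded_status(void) { return 1; }
static int unseeded_status(void) { return 0; }
static int dummy_add(const void *buf, int num, double r) {
    (void)buf; (void)num; (void)r; return 1;
}
static const rand_method_t seeded_method   = { seeded_status, dummy_add };
static const rand_method_t unseeded_method = { unseeded_status, dummy_add };
static const rand_method_t hookless_method = { NULL, NULL };

int main(void) {
    printf("NULL method     -> %d\n", prng_seeding_decision(NULL));
    printf("no hooks        -> %d\n", prng_seeding_decision(&hookless_method));
    printf("already seeded  -> %d\n", prng_seeding_decision(&seeded_method));
    printf("needs seeding   -> %d\n", prng_seeding_decision(&unseeded_method));
    return 0;
}
```

The original code, with a NULL meth, would crash on the first comparison; here the NULL case shares the "no seeding methods" exit instead.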
