CVS commit: src/crypto/external/bsd/openssl/dist/crypto/rand

2020-04-30 Nia Alarie
Module Name:    src
Committed By:   nia
Date:   Thu Apr 30 10:59:02 UTC 2020

Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/rand: rand_unix.c

Log Message:
Fix the detection of KERN_ARND by OpenSSL.

Firstly, include the correct headers. Then, make sure that requests
never exceed 256 bytes.

Disable a hack for old FreeBSD versions, just in case it actually gets
used.

This should mean that OpenSSL doesn't ever fall back to reading from
/dev/urandom.

XXX pullup, XXX upstream.


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 \
src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.15 src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.16
--- src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.15	Sun Mar 22 00:53:07 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c	Thu Apr 30 10:59:02 2020
@@ -26,12 +26,12 @@
 #  include 
 # endif
 #endif
-#if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI)
+#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI)
 # include 
 # include 
 # include 
 #endif
-#if defined(__OpenBSD__) || defined(__NetBSD__)
+#if defined(__OpenBSD__)
 # include 
 #endif
 
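Review bot: The condition change to `#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI)` moves NetBSD out of the include group it shared with OpenBSD and into the FreeBSD one, with no comment saying which declaration NetBSD needs from the new group. Since this file lives under dist/ and the log marks the change XXX upstream, a one-line comment naming the symbol (the log points at KERN_ARND) would keep a later vendor import from silently reverting it. It is also worth confirming that NetBSD no longer needs anything from the header that stays behind in the `#if defined(__OpenBSD__)` block.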
@@ -247,10 +247,12 @@ static ssize_t sysctl_random(char *buf, 
  * when the sysctl returns long and we want to request something not a
  * multiple of longs, which should never be the case.
  */
+#if   defined(__FreeBSD__)
 if (!ossl_assert(buflen % sizeof(long) == 0)) {
 errno = EINVAL;
 return -1;
 }
+#endif
 
 /*
  * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
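Review bot: The comment directly above the new `#if   defined(__FreeBSD__)` still describes the multiple-of-long restriction as if it applied to every platform, so the comment and the guard now disagree. Please reword the comment to say the check is FreeBSD-only and why NetBSD can take arbitrary lengths, and normalise the spacing to `#if defined(__FreeBSD__)`.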
@@ -268,7 +270,8 @@ static ssize_t sysctl_random(char *buf, 
 mib[1] = KERN_ARND;
 
 do {
-len = buflen;
+/* On NetBSD, KERN_ARND fails if more than 256 bytes are requested */
+len = buflen > 256 ? 256 : buflen;
 if (sysctl(mib, 2, buf, , NULL, 0) == -1)
 return done > 0 ? done : -1;
 done += len;
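Review bot: The clamp `len = buflen > 256 ? 256 : buflen;` is unconditional, while its comment attributes the 256-byte limit to NetBSD, so every platform that reaches this loop now issues more sysctl calls for large requests. Either guard the clamp with `#if defined(__NetBSD__)` or state in the comment that the cap is deliberately applied everywhere, and give 256 a named constant so the limit is defined in one place. The clamp is only correct if the loop tail, which this hunk does not show, advances `buf` and reduces `buflen` by `len` on each pass; that is worth a quick check given that `len` is now recomputed from `buflen` every iteration.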



CVS commit: src/crypto/external/bsd/openssl/dist/crypto/rand

2020-02-15 Taylor R Campbell
Module Name:    src
Committed By:   riastradh
Date:   Sat Feb 15 23:19:37 UTC 2020

Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/rand: rand_unix.c

Log Message:
Open /dev/urandom with O_CLOEXEC.

Let's avoid bleeding file descriptors into our clients' children,
shall we?

XXX pullup


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 \
src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.13 src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.14
--- src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.13	Thu Jan 23 02:54:55 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c	Sat Feb 15 23:19:37 2020
@@ -479,7 +479,7 @@ static int get_random_device(size_t n)
 return rd->fd;
 
 /* open the random device ... */
-if ((rd->fd = open(random_device_paths[n], O_RDONLY)) == -1)
+if ((rd->fd = open(random_device_paths[n], O_RDONLY|O_CLOEXEC)) == -1)
 return rd->fd;
 
 /* ... and cache its relevant stat(2) data */
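Review bot: `O_CLOEXEC` is used unconditionally in `open(random_device_paths[n], O_RDONLY|O_CLOEXEC)`, which fails to compile on any target whose headers do not define the flag, and this is vendored code under dist/ that builds for more than one platform. An `#ifdef O_CLOEXEC` guard, with `fcntl(fd, F_SETFD, FD_CLOEXEC)` as the fallback, would keep the hardening without that dependency. Minor style point: put spaces around `|`. Note that the cached `rd->fd` is still inherited across a plain fork() without exec, which this flag does not change.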



CVS commit: src/crypto/external/bsd/openssl/dist/crypto/rand

2013-07-28 Thor Lancelot Simon
Module Name:    src
Committed By:   tls
Date:   Sun Jul 28 14:13:29 UTC 2013

Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/rand: md_rand.c

Log Message:
Re-check the entropy level after we call RAND_poll(), so that we do
not continuously suck data out of /dev/urandom if we receive a stream
of requests larger than the initial-entropy threshold (hi Roland!).


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 \
src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c:1.4 src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c:1.5
--- src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c:1.4	Tue Feb  5 21:31:25 2013
+++ src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c	Sun Jul 28 14:13:29 2013
@@ -397,6 +397,11 @@ static int ssleay_rand_bytes(unsigned ch
 		RAND_poll();
 		ok = (entropy = ENTROPY_NEEDED);
 
+		}
+
+	if (!ok)
+		{
+
 		/* If the PRNG state is not yet unpredictable, then seeing
 		 * the PRNG output may help attackers to determine the new
 		 * state; thus we have to decrease the entropy estimate.
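Review bot: The second `if (!ok)` opened by this hunk carries no comment saying that `ok` is being re-tested after `RAND_poll()`, so the reason for closing and reopening the block exists only in the log message. A short comment above the new `if (!ok)` stating that the entropy estimate is decreased only when polling did not reach the threshold would make the control flow readable without the history, and the empty line after the new `{` can go. The context line `RAND_poll();` also discards the return value, so a failed poll is distinguishable only through the entropy re-check.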



CVS commit: src/crypto/external/bsd/openssl/dist/crypto/rand

2012-03-07 Thor Lancelot Simon
Module Name:    src
Committed By:   tls
Date:   Wed Mar  7 10:17:48 UTC 2012

Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/rand: md_rand.c

Log Message:
Fix applications that call RAND_bytes() before any other RAND function.
Last change was...a bit too simple.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 \
src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c:1.2 src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c:1.3
--- src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c:1.2	Mon Mar  5 20:13:36 2012
+++ src/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c	Wed Mar  7 10:17:47 2012
@@ -395,6 +395,7 @@ static int ssleay_rand_bytes(unsigned ch
 		{
 
 		RAND_poll();
+		ok = (entropy = ENTROPY_NEEDED);
 
 		/* If the PRNG state is not yet unpredictable, then seeing
 		 * the PRNG output may help attackers to determine the new
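Review bot: The added line `ok = (entropy = ENTROPY_NEEDED);` is, as rendered on this page, an assignment that overwrites `entropy` with the threshold rather than a comparison against it, which would make `ok` true whenever ENTROPY_NEEDED is nonzero regardless of what RAND_poll() gathered. If the committed source has a comparison here and the operator was lost in the mail archive, nothing needs to change; otherwise it should read `entropy >= ENTROPY_NEEDED`. Either way, a comment on this line saying that the estimate is re-read because RAND_poll() may have raised it would help the next reader.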