CVS commit: [netbsd-9] src/crypto/external/bsd/openssl/dist/crypto/rand

2020-04-30 Thread Martin Husemann 
Module Name:src
Committed By:   martin
Date:   Thu Apr 30 16:17:04 UTC 2020

Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/rand [netbsd-9]:
rand_unix.c

Log Message:
Pull up following revision(s) (requested by nia in ticket #878):

crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c: revision 1.16

Fix the detection of KERN_ARND by OpenSSL.

Firstly, include the correct headers. Then, make sure that requests
never exceed 256 bytes.

Disable a hack for old FreeBSD versions, just in case it actually gets
used.

This should mean that OpenSSL doesn't ever fall back to reading from
/dev/urandom.

XXX pullup, XXX upstream.


To generate a diff of this commit:
cvs rdiff -u -r1.12.2.3 -r1.12.2.4 \
src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.12.2.3 src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.12.2.4
--- src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.12.2.3	Mon Apr 27 14:47:26 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c	Thu Apr 30 16:17:04 2020
@@ -26,12 +26,12 @@
 #  include 
 # endif
 #endif
-#if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI)
+#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI)
 # include 
 # include 
 # include 
 #endif
-#if defined(__OpenBSD__) || defined(__NetBSD__)
+#if defined(__OpenBSD__)
 # include 
 #endif
 
@@ -247,10 +247,12 @@ static ssize_t sysctl_random(char *buf, 
  * when the sysctl returns long and we want to request something not a
  * multiple of longs, which should never be the case.
  */
+#if   defined(__FreeBSD__)
 if (!ossl_assert(buflen % sizeof(long) == 0)) {
 errno = EINVAL;
 return -1;
 }
+#endif
 
 /*
  * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
@@ -268,7 +270,8 @@ static ssize_t sysctl_random(char *buf, 
 mib[1] = KERN_ARND;
 
 do {
-len = buflen;
+/* On NetBSD, KERN_ARND fails if more than 256 bytes are requested */
+len = buflen > 256 ? 256 : buflen;
 if (sysctl(mib, 2, buf, , NULL, 0) == -1)
 return done > 0 ? done : -1;
 done += len;

CVS commit: [netbsd-9] src/crypto/external/bsd/openssl/dist/crypto/rand

2020-04-30 Thread Martin Husemann 
Module Name:src
Committed By:   martin
Date:   Thu Apr 30 16:17:04 UTC 2020

Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/rand [netbsd-9]:
rand_unix.c

Log Message:
Pull up following revision(s) (requested by nia in ticket #878):

crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c: revision 1.16

Fix the detection of KERN_ARND by OpenSSL.

Firstly, include the correct headers. Then, make sure that requests
never exceed 256 bytes.

Disable a hack for old FreeBSD versions, just in case it actually gets
used.

This should mean that OpenSSL doesn't ever fall back to reading from
/dev/urandom.

XXX pullup, XXX upstream.


To generate a diff of this commit:
cvs rdiff -u -r1.12.2.3 -r1.12.2.4 \
src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-9] src/crypto/external/bsd/openssl/dist/crypto/rand

2020-02-20 Thread Martin Husemann 
Module Name:src
Committed By:   martin
Date:   Thu Feb 20 14:48:19 UTC 2020

Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/rand [netbsd-9]:
rand_unix.c

Log Message:
Pull up following revision(s) (requested by riastradh in ticket #714):

crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c: revision 1.14

Open /dev/urandom with O_CLOEXEC.

Let's avoid bleeding file descriptors into our clients' children,
shall we?

XXX pullup


To generate a diff of this commit:
cvs rdiff -u -r1.12.2.1 -r1.12.2.2 \
src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-9] src/crypto/external/bsd/openssl/dist/crypto/rand

2020-02-20 Thread Martin Husemann 
Module Name:src
Committed By:   martin
Date:   Thu Feb 20 14:48:19 UTC 2020

Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/rand [netbsd-9]:
rand_unix.c

Log Message:
Pull up following revision(s) (requested by riastradh in ticket #714):

crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c: revision 1.14

Open /dev/urandom with O_CLOEXEC.

Let's avoid bleeding file descriptors into our clients' children,
shall we?

XXX pullup


To generate a diff of this commit:
cvs rdiff -u -r1.12.2.1 -r1.12.2.2 \
src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.12.2.1 src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.12.2.2
--- src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.12.2.1	Mon Jan 27 07:21:42 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c	Thu Feb 20 14:48:19 2020
@@ -479,7 +479,7 @@ static int get_random_device(size_t n)
 return rd->fd;
 
 /* open the random device ... */
-if ((rd->fd = open(random_device_paths[n], O_RDONLY)) == -1)
+if ((rd->fd = open(random_device_paths[n], O_RDONLY|O_CLOEXEC)) == -1)
 return rd->fd;
 
 /* ... and cache its relevant stat(2) data */