CVS commit: [netbsd-9] src/crypto/external/bsd/openssl/dist/crypto/rand
Module Name:src Committed By: martin Date: Thu Apr 30 16:17:04 UTC 2020 Modified Files: src/crypto/external/bsd/openssl/dist/crypto/rand [netbsd-9]: rand_unix.c Log Message: Pull up following revision(s) (requested by nia in ticket #878): crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c: revision 1.16 Fix the detection of KERN_ARND by OpenSSL. Firstly, include the correct headers. Then, make sure that requests never exceed 256 bytes. Disable a hack for old FreeBSD versions, just in case it actually gets used. This should mean that OpenSSL doesn't ever fall back to reading from /dev/urandom. XXX pullup, XXX upstream. To generate a diff of this commit: cvs rdiff -u -r1.12.2.3 -r1.12.2.4 \ src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.12.2.3 src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.12.2.4
--- src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.12.2.3 Mon Apr 27 14:47:26 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c Thu Apr 30 16:17:04 2020
@@ -26,12 +26,12 @@
 # include
 # endif
 #endif
-#if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI)
+#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI)
 # include
 # include
 # include
 #endif
-#if defined(__OpenBSD__) || defined(__NetBSD__)
+#if defined(__OpenBSD__)
 # include
 #endif
@@ -247,10 +247,12 @@ static ssize_t sysctl_random(char *buf,
 * when the sysctl returns long and we want to request something not a
 * multiple of longs, which should never be the case.
 */
+#if defined(__FreeBSD__)
 if (!ossl_assert(buflen % sizeof(long) == 0)) {
 errno = EINVAL;
 return -1;
 }
+#endif
 /*
 * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
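Review bot: Nothing in this include block fails the build if `KERN_ARND` is still undefined on NetBSD after the header change, so a later header reshuffle would presumably bring back the silent fall-back to /dev/urandom that the log message describes. The header names are not legible on this page and the `KERN_ARND` guard around `sysctl_random` lies outside the hunk, so this is inferred from the commit log rather than from the code. A compile-time check placed after the includes would make the dependency explicit: `#if defined(__NetBSD__) && !defined(KERN_ARND)` / `# error "KERN_ARND not visible: sysctl entropy source would be compiled out"` / `#endif`.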
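Review bot: The new `#if defined(__FreeBSD__)` opens below the comment that explains the length check, so on every non-FreeBSD build that comment (which begins above the hunk) now describes code that is compiled out. Moving the `#if` above the comment would keep the explanation and the guarded code together. Failing that, close it with `#endif /* __FreeBSD__ */` and add a line such as `/* FreeBSD only: other platforms skip this check and accept any buflen */` so a reader auditing the entropy path does not assume the multiple-of-long restriction still applies on NetBSD.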
@@ -268,7 +270,8 @@ static ssize_t sysctl_random(char *buf,
 mib[1] = KERN_ARND;
 do {
-len = buflen;
+/* On NetBSD, KERN_ARND fails if more than 256 bytes are requested */
+len = buflen > 256 ? 256 : buflen;
 if (sysctl(mib, 2, buf, , NULL, 0) == -1)
 return done > 0 ? done : -1;
 done += len;
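Review bot: The 256-byte cap is a bare literal written twice in `len = buflen > 256 ? 256 : buflen;`, and the comment does not say where the limit comes from, which makes it hard to audit if the kernel-side limit ever changes. A named constant would help, for example `#define ARND_MAX_REQUEST 256` (name constructed for this note) with the comment pointing at the kernel check it mirrors. The clamp is also unconditional, so FreeBSD builds are chunked as well although the comment only mentions NetBSD; that looks harmless, but the comment should say it is intentional. The loop condition and the callers are outside the hunk, so it cannot be confirmed from here that a short count from `return done > 0 ? done : -1;` is treated as a partial fill and not as a full buffer of entropy.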
CVS commit: [netbsd-9] src/crypto/external/bsd/openssl/dist/crypto/rand
Module Name:src Committed By: martin Date: Thu Apr 30 16:17:04 UTC 2020 Modified Files: src/crypto/external/bsd/openssl/dist/crypto/rand [netbsd-9]: rand_unix.c Log Message: Pull up following revision(s) (requested by nia in ticket #878): crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c: revision 1.16 Fix the detection of KERN_ARND by OpenSSL. Firstly, include the correct headers. Then, make sure that requests never exceed 256 bytes. Disable a hack for old FreeBSD versions, just in case it actually gets used. This should mean that OpenSSL doesn't ever fall back to reading from /dev/urandom. XXX pullup, XXX upstream. To generate a diff of this commit: cvs rdiff -u -r1.12.2.3 -r1.12.2.4 \ src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/crypto/external/bsd/openssl/dist/crypto/rand
Module Name:src Committed By: martin Date: Thu Feb 20 14:48:19 UTC 2020 Modified Files: src/crypto/external/bsd/openssl/dist/crypto/rand [netbsd-9]: rand_unix.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #714): crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c: revision 1.14 Open /dev/urandom with O_CLOEXEC. Let's avoid bleeding file descriptors into our clients' children, shall we? XXX pullup To generate a diff of this commit: cvs rdiff -u -r1.12.2.1 -r1.12.2.2 \ src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/crypto/external/bsd/openssl/dist/crypto/rand
Module Name:src Committed By: martin Date: Thu Feb 20 14:48:19 UTC 2020 Modified Files: src/crypto/external/bsd/openssl/dist/crypto/rand [netbsd-9]: rand_unix.c Log Message: Pull up following revision(s) (requested by riastradh in ticket #714): crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c: revision 1.14 Open /dev/urandom with O_CLOEXEC. Let's avoid bleeding file descriptors into our clients' children, shall we? XXX pullup To generate a diff of this commit: cvs rdiff -u -r1.12.2.1 -r1.12.2.2 \ src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.12.2.1 src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.12.2.2
--- src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.12.2.1 Mon Jan 27 07:21:42 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c Thu Feb 20 14:48:19 2020
@@ -479,7 +479,7 @@ static int get_random_device(size_t n)
 return rd->fd;
 /* open the random device ... */
-if ((rd->fd = open(random_device_paths[n], O_RDONLY)) == -1)
+if ((rd->fd = open(random_device_paths[n], O_RDONLY|O_CLOEXEC)) == -1)
 return rd->fd;
 /* ... and cache its relevant stat(2) data */
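Review bot: `O_CLOEXEC` is used unconditionally in the `open()` call, but this is shared OpenSSL code that is built for many Unix targets, and some of them may not define the flag; that matters if the change is ever offered upstream. A guarded fallback near the includes keeps such builds compiling: `#ifndef O_CLOEXEC` / `# define O_CLOEXEC 0` / `#endif`, ideally paired with `fcntl(rd->fd, F_SETFD, FD_CLOEXEC)` where the flag is absent so the descriptor still does not leak across exec. As a style point, `O_RDONLY | O_CLOEXEC` with spaces around the operator reads better. The body of `get_random_device` begins and ends outside the hunk, so it cannot be judged from here whether other descriptors opened in this file need the same flag.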