ports

sync/ports

Fork 0

mirror of https://git.freebsd.org/ports.git synced 2025-07-13 23:39:20 -04:00

Commit graph

Author	SHA1	Message	Date
Michael Gmelin	728e55945d	Fix data encryption at rest when building with LibreSSL Replace RAND_SSLeay->bytes with arc4random_buf when using LibreSSL, as it supports RAND_SSLeay only for ABI compatibility [0]. Note that the code in question in mariadb mentions that RAND_bytes isn't guaranteed to not block and therefore uses these functions directly. As LibreSSL implements RAND_bytes in terms of arc4random_buf, which shouldn't block, the patch could also use RAND_bytes instead of using arc4random_buf directly, but the current version of the patch has been tested in production and might be less confusing overall. Bumped revision, as this fixes a runtime problem. [0] https://github.com/libressl/libressl/blob/master/src/crypto/rand/rand_lib.c#L36 PR: 213577 Approved by: ssl blanket	2016-11-05 16:56:00 +00:00

Author

SHA1

Message

Date

Michael Gmelin

728e55945d

Fix data encryption at rest when building with LibreSSL

Replace RAND_SSLeay->bytes with arc4random_buf when using LibreSSL, as
it supports RAND_SSLeay only for ABI compatibility [0].

Note that the code in question in mariadb mentions that RAND_bytes
isn't guaranteed to not block and therefore uses these functions directly.
As LibreSSL implements RAND_bytes in terms of arc4random_buf, which
shouldn't block, the patch could also use RAND_bytes instead of
using arc4random_buf directly, but the current version of the patch
has been tested in production and might be less confusing overall.

Bumped revision, as this fixes a runtime problem.

[0]
https://github.com/libressl/libressl/blob/master/src/crypto/rand/rand_lib.c#L36

PR:		213577
Approved by:	ssl blanket

2016-11-05 16:56:00 +00:00

1 commit