mirror of
https://git.freebsd.org/ports.git
synced 2025-07-13 15:29:15 -04:00
728e55945d
Replace RAND_SSLeay->bytes with arc4random_buf when using LibreSSL, as it supports RAND_SSLeay only for ABI compatibility [0]. Note that the code in question in mariadb mentions that RAND_bytes isn't guaranteed to not block and therefore uses these functions directly. As LibreSSL implements RAND_bytes in terms of arc4random_buf, which shouldn't block, the patch could also use RAND_bytes instead of using arc4random_buf directly, but the current version of the patch has been tested in production and might be less confusing overall. Bumped revision, as this fixes a runtime problem. [0] https://github.com/libressl/libressl/blob/master/src/crypto/rand/rand_lib.c#L36 PR: 213577 Approved by: ssl blanket
25 lines
700 B
C++
25 lines
700 B
C++
--- mysys_ssl/my_crypt.cc.orig 2016-08-29 16:38:54.000000000 +0200
|
|
+++ mysys_ssl/my_crypt.cc 2016-10-17 19:14:45.146531847 +0200
|
|
@@ -275,10 +275,14 @@
|
|
return MY_AES_OK;
|
|
}
|
|
#else
|
|
+#include <openssl/opensslv.h>
|
|
#include <openssl/rand.h>
|
|
|
|
int my_random_bytes(uchar *buf, int num)
|
|
{
|
|
+#if defined(LIBRESSL_VERSION_NUMBER)
|
|
+ arc4random_buf(buf, num);
|
|
+#else
|
|
/*
|
|
Unfortunately RAND_bytes manual page does not provide any guarantees
|
|
in relation to blocking behavior. Here we explicitly use SSLeay random
|
|
@@ -288,6 +292,7 @@
|
|
RAND_METHOD *rand = RAND_SSLeay();
|
|
if (rand == NULL || rand->bytes(buf, num) != 1)
|
|
return MY_AES_OPENSSL_ERROR;
|
|
+#endif
|
|
return MY_AES_OK;
|
|
}
|
|
#endif
|