1 files changed, 46 insertions, 29 deletions
diff --git a/src/openssl.c b/src/openssl.c
index d8eebb5..78dbd65 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -23,6 +23,10 @@
 * USE OR OTHER DEALINGS IN THE SOFTWARE.
 * ==========================================================================
 */
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
 #include <limits.h>       /* INT_MAX INT_MIN LLONG_MAX LLONG_MIN UCHAR_MAX ULLONG_MAX */
 #include <stdint.h>       /* uintptr_t */
 #include <string.h>       /* memset(3) strerror_r(3) */
@@ -79,10 +83,6 @@
 #define LIBRESSL_PREREQ(M, m, p) \
        (LIBRESSL_VERSION_NUMBER >= (((M) << 28) | ((m) << 20) | ((p) << 12)))
-#ifndef HAVE_DLADDR
-#define HAVE_DLADDR (!defined _AIX) /* TODO: https://root.cern.ch/drupal/content/aix-and-dladdr */
-#endif
 #ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS
 #define HAVE_SSL_CTX_SET_ALPN_PROTOS OPENSSL_PREREQ(1, 0, 2)
 #endif
@@ -7811,49 +7811,61 @@ static struct randL_state *randL_getstate(lua_State *L) {
        return lua_touserdata(L, lua_upvalueindex(1));
 } /* randL_getstate() */
-#ifndef HAVE_SYS_SYSCTL_H
+#if HAVE_SYS_SYSCALL_H
-#define HAVE_SYS_SYSCTL_H (BSD || __GLIBC__)
+#include <sys/syscall.h> /* SYS_getrandom syscall(2) */
 #endif
 #if HAVE_SYS_SYSCTL_H
-#include <sys/sysctl.h> /* CTL_KERN KERN_RANDOM RANDOM_UUID KERN_URND KERN_ARND sysctl(2) */
+#include <sys/sysctl.h> /* CTL_KERN KERN_RANDOM RANDOM_UUID sysctl(2) */
-#endif
-#ifndef HAVE_RANDOM_UUID
-#define HAVE_RANDOM_UUID (HAVE_SYS_SYSCTL_H && defined __linux) /* RANDOM_UUID is an enum, not macro */
-#endif
-#ifndef HAVE_KERN_URND
-#define HAVE_KERN_URND (defined KERN_URND)
-#endif
-#ifndef HAVE_KERN_ARND
-#define HAVE_KERN_ARND (defined KERN_ARND)
 #endif
 static int randL_stir(struct randL_state *st, unsigned rqstd) {
        unsigned count = 0;
        int error;
        unsigned char data[256];
-#if HAVE_RANDOM_UUID || HAVE_KERN_URND || HAVE_KERN_ARND
-#if HAVE_RANDOM_UUID
+#if HAVE_ARC4RANDOM
-        int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
+        while (count < rqstd) {
-#elif HAVE_KERN_URND
+                size_t n = MIN(rqstd - count, sizeof data);
-        int mib[] = { CTL_KERN, KERN_URND };
-#else
+                arc4random(data, n);
-        int mib[] = { CTL_KERN, KERN_ARND };
+                RAND_seed(data, n);
+                count += n;
+        }
+#endif
+#if HAVE_SYSCALL && HAVE_DECL_SYS_GETRANDOM
+        while (count < rqstd) {
+                size_t lim = MIN(rqstd - count, sizeof data);
+                int n;
+                n = syscall(SYS_getrandom, data, lim, 0);
+                if (n == -1) {
+                        break;
+                }
+                RAND_seed(data, n);
+                count += n;
+        }
 #endif
+#if HAVE_SYS_SYSCTL_H && HAVE_DECL_RANDOM_UUID
        while (count < rqstd) {
+                int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
                size_t n = MIN(rqstd - count, sizeof data);
                if (0 != sysctl(mib, countof(mib), data, &n, (void *)0, 0))
                        break;
-                RAND_add(data, n, n);
+                RAND_seed(data, n);
                count += n;
        }
 #endif
        if (count < rqstd) {
@@ -7884,7 +7896,7 @@ static int randL_stir(struct randL_state *st, unsigned rqstd) {
                                goto error;
                        default:
-                                RAND_add(data, n, n);
+                                RAND_seed(data, n);
                                count += n;
                        }
@@ -7922,7 +7934,12 @@ error:;
 #elif defined __sun
        /*
         * NOTE: Linux requires -lrt for clock_gettime, and in any event
-         * already has RANDOM_UUID. The BSDs have KERN_URND and KERN_ARND.
+         * should have RANDOM_UUID or getrandom. (Though, some middle-aged
+         * kernels might have neither). The BSDs have arc4random which
+         * should be using KERN_URND, KERN_ARND, and more recently
+         * getentropy. (Though, again, some older BSD kernels used an
+         * arc4random implementation that opened /dev/urandom.)
+         *
         * Just do this for Solaris to keep things simple. We've already
         * crossed the line of what can be reasonably accomplished on
         * unreasonable platforms.

diff --git a/src/openssl.c b/src/openssl.c index d8eebb5..78dbd65 100644 --- a/src/openssl.c +++ b/src/openssl.c
@@ -23,6 +23,10 @@
23	* USE OR OTHER DEALINGS IN THE SOFTWARE.	23	* USE OR OTHER DEALINGS IN THE SOFTWARE.
24	* ==========================================================================	24	* ==========================================================================
25	*/	25	*/
		26	#if HAVE_CONFIG_H
		27	#include "config.h"
		28	#endif
		29
26	#include <limits.h> /* INT_MAX INT_MIN LLONG_MAX LLONG_MIN UCHAR_MAX ULLONG_MAX */	30	#include <limits.h> /* INT_MAX INT_MIN LLONG_MAX LLONG_MIN UCHAR_MAX ULLONG_MAX */
27	#include <stdint.h> /* uintptr_t */	31	#include <stdint.h> /* uintptr_t */
28	#include <string.h> /* memset(3) strerror_r(3) */	32	#include <string.h> /* memset(3) strerror_r(3) */
@@ -79,10 +83,6 @@
79	#define LIBRESSL_PREREQ(M, m, p) \	83	#define LIBRESSL_PREREQ(M, m, p) \
80	(LIBRESSL_VERSION_NUMBER >= (((M) << 28) \| ((m) << 20) \| ((p) << 12)))	84	(LIBRESSL_VERSION_NUMBER >= (((M) << 28) \| ((m) << 20) \| ((p) << 12)))
81		85
82	#ifndef HAVE_DLADDR
83	#define HAVE_DLADDR (!defined _AIX) /* TODO: https://root.cern.ch/drupal/content/aix-and-dladdr */
84	#endif
85
86	#ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS	86	#ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS
87	#define HAVE_SSL_CTX_SET_ALPN_PROTOS OPENSSL_PREREQ(1, 0, 2)	87	#define HAVE_SSL_CTX_SET_ALPN_PROTOS OPENSSL_PREREQ(1, 0, 2)
88	#endif	88	#endif
@@ -7811,49 +7811,61 @@ static struct randL_state randL_getstate(lua_State L) {
7811	return lua_touserdata(L, lua_upvalueindex(1));	7811	return lua_touserdata(L, lua_upvalueindex(1));
7812	} /* randL_getstate() */	7812	} /* randL_getstate() */
7813		7813
7814	#ifndef HAVE_SYS_SYSCTL_H	7814	#if HAVE_SYS_SYSCALL_H
7815	#define HAVE_SYS_SYSCTL_H (BSD \|\| __GLIBC__)	7815	#include <sys/syscall.h> /* SYS_getrandom syscall(2) */
7816	#endif	7816	#endif
7817		7817
7818	#if HAVE_SYS_SYSCTL_H	7818	#if HAVE_SYS_SYSCTL_H
7819	#include <sys/sysctl.h> /* CTL_KERN KERN_RANDOM RANDOM_UUID KERN_URND KERN_ARND sysctl(2) */	7819	#include <sys/sysctl.h> /* CTL_KERN KERN_RANDOM RANDOM_UUID sysctl(2) */
7820	#endif
7821
7822	#ifndef HAVE_RANDOM_UUID
7823	#define HAVE_RANDOM_UUID (HAVE_SYS_SYSCTL_H && defined __linux) /* RANDOM_UUID is an enum, not macro */
7824	#endif
7825
7826	#ifndef HAVE_KERN_URND
7827	#define HAVE_KERN_URND (defined KERN_URND)
7828	#endif
7829
7830	#ifndef HAVE_KERN_ARND
7831	#define HAVE_KERN_ARND (defined KERN_ARND)
7832	#endif	7820	#endif
7833		7821
7834	static int randL_stir(struct randL_state *st, unsigned rqstd) {	7822	static int randL_stir(struct randL_state *st, unsigned rqstd) {
7835	unsigned count = 0;	7823	unsigned count = 0;
7836	int error;	7824	int error;
7837	unsigned char data[256];	7825	unsigned char data[256];
7838	#if HAVE_RANDOM_UUID \|\| HAVE_KERN_URND \|\| HAVE_KERN_ARND	7826
7839	#if HAVE_RANDOM_UUID	7827	#if HAVE_ARC4RANDOM
7840	int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };	7828	while (count < rqstd) {
7841	#elif HAVE_KERN_URND	7829	size_t n = MIN(rqstd - count, sizeof data);
7842	int mib[] = { CTL_KERN, KERN_URND };	7830
7843	#else	7831	arc4random(data, n);
7844	int mib[] = { CTL_KERN, KERN_ARND };	7832
		7833	RAND_seed(data, n);
		7834
		7835	count += n;
		7836	}
		7837	#endif
		7838
		7839	#if HAVE_SYSCALL && HAVE_DECL_SYS_GETRANDOM
		7840	while (count < rqstd) {
		7841	size_t lim = MIN(rqstd - count, sizeof data);
		7842	int n;
		7843
		7844	n = syscall(SYS_getrandom, data, lim, 0);
		7845
		7846	if (n == -1) {
		7847	break;
		7848	}
		7849
		7850	RAND_seed(data, n);
		7851
		7852	count += n;
		7853	}
7845	#endif	7854	#endif
7846		7855
		7856	#if HAVE_SYS_SYSCTL_H && HAVE_DECL_RANDOM_UUID
7847	while (count < rqstd) {	7857	while (count < rqstd) {
		7858	int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
7848	size_t n = MIN(rqstd - count, sizeof data);	7859	size_t n = MIN(rqstd - count, sizeof data);
7849		7860
7850	if (0 != sysctl(mib, countof(mib), data, &n, (void *)0, 0))	7861	if (0 != sysctl(mib, countof(mib), data, &n, (void *)0, 0))
7851	break;	7862	break;
7852		7863
7853	RAND_add(data, n, n);	7864	RAND_seed(data, n);
7854		7865
7855	count += n;	7866	count += n;
7856	}	7867	}
		7868
7857	#endif	7869	#endif
7858		7870
7859	if (count < rqstd) {	7871	if (count < rqstd) {
@@ -7884,7 +7896,7 @@ static int randL_stir(struct randL_state *st, unsigned rqstd) {
7884		7896
7885	goto error;	7897	goto error;
7886	default:	7898	default:
7887	RAND_add(data, n, n);	7899	RAND_seed(data, n);
7888		7900
7889	count += n;	7901	count += n;
7890	}	7902	}
@@ -7922,7 +7934,12 @@ error:;
7922	#elif defined __sun	7934	#elif defined __sun
7923	/*	7935	/*
7924	* NOTE: Linux requires -lrt for clock_gettime, and in any event	7936	* NOTE: Linux requires -lrt for clock_gettime, and in any event
7925	* already has RANDOM_UUID. The BSDs have KERN_URND and KERN_ARND.	7937	* should have RANDOM_UUID or getrandom. (Though, some middle-aged
		7938	* kernels might have neither). The BSDs have arc4random which
		7939	* should be using KERN_URND, KERN_ARND, and more recently
		7940	* getentropy. (Though, again, some older BSD kernels used an
		7941	* arc4random implementation that opened /dev/urandom.)
		7942	*
7926	* Just do this for Solaris to keep things simple. We've already	7943	* Just do this for Solaris to keep things simple. We've already
7927	* crossed the line of what can be reasonably accomplished on	7944	* crossed the line of what can be reasonably accomplished on
7928	* unreasonable platforms.	7945	* unreasonable platforms.