git: 838b6caababb - main - openssl: use getrandom(2) instead of probing for getentropy(2)
Date: Tue, 16 Jul 2024 05:12:45 UTC
The branch main has been updated by kevans:
URL: https://cgit.FreeBSD.org/src/commit/?id=838b6caababbaaab65659d40a41c2dd46b3a5fd2
commit 838b6caababbaaab65659d40a41c2dd46b3a5fd2
Author: Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2024-07-16 05:12:27 +0000
Commit: Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2024-07-16 05:12:27 +0000
openssl: use getrandom(2) instead of probing for getentropy(2)
The probing for getentropy(2) relies on re-declaring getentropy(2)
as weak and checking the address, but this is incompatible with
the _FORTIFY_SOURCE symbol renaming scheme. It's always present on
all supported FreeBSD versions now so we could cut it down to
unconditional use, but there's another segment for getrandom(2)
already that's cleaner to just add us to.
We should upstream this.
Reviewed by: kib (earlier version), markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45976
---
.../openssl/providers/implementations/rands/seeding/rand_unix.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/crypto/openssl/providers/implementations/rands/seeding/rand_unix.c b/crypto/openssl/providers/implementations/rands/seeding/rand_unix.c
index 750afca58ed7..eadacedbe40c 100644
--- a/crypto/openssl/providers/implementations/rands/seeding/rand_unix.c
+++ b/crypto/openssl/providers/implementations/rands/seeding/rand_unix.c
@@ -356,7 +356,7 @@ static ssize_t syscall_random(void *buf, size_t buflen)
* Note: Sometimes getentropy() can be provided but not implemented
* internally. So we need to check errno for ENOSYS
*/
-# if !defined(__DragonFly__) && !defined(__NetBSD__)
+# if !defined(__DragonFly__) && !defined(__NetBSD__) && !defined(__FreeBSD__)
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
@@ -393,11 +393,12 @@ static ssize_t syscall_random(void *buf, size_t buflen)
/* Linux supports this since version 3.17 */
# if defined(__linux) && defined(__NR_getrandom)
return syscall(__NR_getrandom, buf, buflen, 0);
-# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
- return sysctl_random(buf, buflen);
# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \
- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000)
+ || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) \
+ || defined(__FreeBSD__)
return getrandom(buf, buflen, 0);
+# elif defined(__NetBSD__) && defined(KERN_ARND)
+ return sysctl_random(buf, buflen);
# else
errno = ENOSYS;
return -1;