-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | compat/getentropy_freebsd.c | 6 | ||||
-rw-r--r-- | compat/getentropy_netbsd.c | 6 | ||||
-rw-r--r-- | compat/getentropy_win.c | 27 | ||||
-rw-r--r-- | m4/check-os-options.m4 | 2 | ||||
-rw-r--r-- | man/Makefile.am | 36 |
6 files changed, 15 insertions, 64 deletions
diff --git a/VERSION b/VERSION index 19ef286..8fe1da8 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -3.2.2 +3.3.0 diff --git a/compat/getentropy_freebsd.c b/compat/getentropy_freebsd.c index 30cd68e..ea90ffe 100644 --- a/compat/getentropy_freebsd.c +++ b/compat/getentropy_freebsd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_freebsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $ */ +/* $OpenBSD: getentropy_freebsd.c,v 1.4 2020/10/12 22:08:33 deraadt Exp $ */ /* * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org> @@ -32,11 +32,9 @@ static size_t getentropy_sysctl(u_char *buf, size_t size) { - int mib[2]; + const int mib[2] = { CTL_KERN, KERN_ARND }; size_t len, done; - mib[0] = CTL_KERN; - mib[1] = KERN_ARND; done = 0; do { diff --git a/compat/getentropy_netbsd.c b/compat/getentropy_netbsd.c index 45d68c9..5dc8959 100644 --- a/compat/getentropy_netbsd.c +++ b/compat/getentropy_netbsd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_netbsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $ */ +/* $OpenBSD: getentropy_netbsd.c,v 1.4 2020/10/12 22:08:33 deraadt Exp $ */ /* * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org> @@ -32,11 +32,9 @@ static size_t getentropy_sysctl(u_char *buf, size_t size) { - int mib[2]; + const int mib[2] = { CTL_KERN, KERN_ARND }; size_t len, done; - mib[0] = CTL_KERN; - mib[1] = KERN_ARND; done = 0; do { diff --git a/compat/getentropy_win.c b/compat/getentropy_win.c index 2abeb27..64514b3 100644 --- a/compat/getentropy_win.c +++ b/compat/getentropy_win.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $ */ +/* $OpenBSD: getentropy_win.c,v 1.6 2020/11/11 10:41:24 bcook Exp $ */ /* * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> 
@@ -21,39 +21,30 @@ */ #include <windows.h> +#include <bcrypt.h> #include <errno.h> #include <stdint.h> #include <sys/types.h> -#include <wincrypt.h> -#include <process.h> int getentropy(void *buf, size_t len); /* - * On Windows, CryptGenRandom is supposed to be a well-seeded - * cryptographically strong random number generator. + * On Windows, BCryptGenRandom with BCRYPT_USE_SYSTEM_PREFERRED_RNG is supposed + * to be a well-seeded, cryptographically strong random number generator. + * https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom */ int getentropy(void *buf, size_t len) { - HCRYPTPROV provider; - if (len > 256) { errno = EIO; return (-1); } - if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT) == 0) - goto fail; - if (CryptGenRandom(provider, len, buf) == 0) { - CryptReleaseContext(provider, 0); - goto fail; + if (FAILED(BCryptGenRandom(NULL, buf, len, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) { + errno = EIO; + return (-1); } - CryptReleaseContext(provider, 0); - return (0); -fail: - errno = EIO; - return (-1); + return (0); } diff --git a/m4/check-os-options.m4 b/m4/check-os-options.m4 index 8241aee..c014efb 100644 --- a/m4/check-os-options.m4 +++ b/m4/check-os-options.m4 @@ -112,7 +112,7 @@ char buf[1]; getentropy(buf, 1); CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS" CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600" CPPFLAGS="$CPPFLAGS" - AC_SUBST([PLATFORM_LDADD], ['-lws2_32']) + AC_SUBST([PLATFORM_LDADD], ['-lws2_32 -lbcrypt']) ;; *solaris*) HOST_OS=solaris diff --git a/man/Makefile.am b/man/Makefile.am index c2f2697..ad840b6 100644 --- a/man/Makefile.am +++ b/man/Makefile.am 
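Review bot: The new call in getentropy() (compat/getentropy_win.c) tests an NTSTATUS with `FAILED()`, which is the HRESULT macro. bcrypt.h provides `BCRYPT_SUCCESS()` for this return type, so `if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, buf, len, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {` states the intent without relying on the two macros sharing a sign test. The `len > 256` guard above the call is what keeps the size_t-to-ULONG narrowing of `len` safe; a short comment such as `/* len <= 256 here, so the ULONG conversion cannot truncate */` would stop a later edit from moving or dropping it. Failing closed with EIO and no fallback source is the right behaviour for an entropy primitive and should stay that way.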
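Review bot: The context line above the `-lbcrypt` change in m4/check-os-options.m4 still builds with `-D_WIN32_WINNT=0x0600` (Vista), but the Microsoft page linked from the new comment in compat/getentropy_win.c documents `BCRYPT_USE_SYSTEM_PREFERRED_RNG` as not supported on Windows Vista. On that target getentropy() would presumably return -1 with EIO on every call, so every consumer of the RNG would fail at run time rather than at build time. Either raise the floor to `-D_WIN32_WINNT=0x0601` or add a comment next to `PLATFORM_LDADD` stating that Windows 7 is now the minimum; which one the project intends is not visible here. The enclosing case branch starts and ends outside the hunk.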
@@ -2282,14 +2282,6 @@ install-data-hook:
 ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
 ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
 ln -sf "SSL_read.3" "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
- ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_early_data.3"
- ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_early_data.3"
- ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_max_early_data.3"
- ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_max_early_data.3"
- ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_get_early_data_status.3"
- ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_get_max_early_data.3"
- ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_set_max_early_data.3"
- ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_write_early_data.3"
 ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
 ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
 ln -sf "SSL_rstate_string.3" "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
@@ -3101,16 +3093,6 @@ install-data-hook:
 ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
 ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_reset.3"
 ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_write.3"
- ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_chain.3"
- ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_depth.3"
- ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_string.3"
- ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_free.3"
- ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_new.3"
- ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_intermediates.3"
- ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_chains.3"
- ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_depth.3"
- ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_signatures.3"
- ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_purpose.3"
 uninstall-local:
 -rm -f "$(DESTDIR)$(mandir)/man3/ACCESS_DESCRIPTION_free.3"
@@ -4903,14 +4885,6 @@ uninstall-local:
 -rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
 -rm -f "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
 -rm -f "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_early_data.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_early_data.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_max_early_data.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_max_early_data.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_early_data_status.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_max_early_data.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_max_early_data.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/SSL_write_early_data.3"
 -rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
 -rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
 -rm -f "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
@@ -5722,13 +5696,3 @@ uninstall-local:
 -rm -f "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
 -rm -f "$(DESTDIR)$(mandir)/man3/tls_reset.3"
 -rm -f "$(DESTDIR)$(mandir)/man3/tls_write.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_chain.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_depth.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_string.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_free.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_new.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_intermediates.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_chains.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_depth.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_signatures.3"
- -rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_purpose.3" |