Use RAND_status to determine PRNG state

This commit is contained in:
Gerhard Rieger 2016-07-24 21:51:33 +02:00
parent d5b87cea87
commit 7da1766048
4 changed files with 9 additions and 0 deletions

View file

@ -58,6 +58,9 @@ porting:
Make Socat compatible with BoringSSL. Make Socat compatible with BoringSSL.
Thanks to Matt Braithwaite for providing a patch. Thanks to Matt Braithwaite for providing a patch.
OpenSSL: Use RAND_status to determine PRNG state
Thanks to Adam Langley for providing a patch
testing: testing:
socks4echo.sh and socks4a-echo.sh hung with new bash with read -n socks4echo.sh and socks4a-echo.sh hung with new bash with read -n

View file

@ -456,6 +456,9 @@
/* Define if you have the OpenSSL RAND_egd function */ /* Define if you have the OpenSSL RAND_egd function */
#undef HAVE_RAND_egd #undef HAVE_RAND_egd
/* Define if you have the OpenSSL RAND_status function */
#undef HAVE_RAND_status
/* Define if you have the OpenSSL DH_set0_pqg function */ /* Define if you have the OpenSSL DH_set0_pqg function */
#undef HAVE_DH_set0_pqg #undef HAVE_DH_set0_pqg

View file

@ -1464,6 +1464,7 @@ AC_CHECK_FUNC(DTLSv1_server_method, AC_DEFINE(HAVE_DTLSv1_server_method), AC_CHE
AC_CHECK_FUNC(RAND_egd, AC_DEFINE(HAVE_RAND_egd), AC_CHECK_LIB(crypt, RAND_egd, [LIBS=-lcrypt $LIBS])) AC_CHECK_FUNC(RAND_egd, AC_DEFINE(HAVE_RAND_egd), AC_CHECK_LIB(crypt, RAND_egd, [LIBS=-lcrypt $LIBS]))
AC_CHECK_FUNC(DH_set0_pqg, AC_DEFINE(HAVE_DH_set0_pqg), AC_CHECK_LIB(crypt, DH_set0_pqg, [LIBS=-lcrypt $LIBS])) AC_CHECK_FUNC(DH_set0_pqg, AC_DEFINE(HAVE_DH_set0_pqg), AC_CHECK_LIB(crypt, DH_set0_pqg, [LIBS=-lcrypt $LIBS]))
AC_CHECK_FUNC(ASN1_STRING_get0_data, AC_DEFINE(HAVE_ASN1_STRING_get0_data), AC_CHECK_LIB(crypt, ASN1_STRING_get0_data, [LIBS=-lcrypt $LIBS])) AC_CHECK_FUNC(ASN1_STRING_get0_data, AC_DEFINE(HAVE_ASN1_STRING_get0_data), AC_CHECK_LIB(crypt, ASN1_STRING_get0_data, [LIBS=-lcrypt $LIBS]))
AC_CHECK_FUNC(RAND_status, AC_DEFINE(HAVE_RAND_status))
AC_MSG_CHECKING(for type EC_KEY) AC_MSG_CHECKING(for type EC_KEY)
AC_CACHE_VAL(sc_cv_type_EC_TYPE, AC_CACHE_VAL(sc_cv_type_EC_TYPE,

View file

@ -1123,6 +1123,8 @@ static int openssl_SSL_ERROR_SSL(int level, const char *funcname) {
( (
#if defined(OPENSSL_IS_BORINGSSL) #if defined(OPENSSL_IS_BORINGSSL)
0 /* BoringSSL's RNG always succeeds. */ 0 /* BoringSSL's RNG always succeeds. */
#elif defined(HAVE_RAND_status)
ERR_GET_LIB(e) == ERR_LIB_RAND && RAND_status() != 1
#else #else
e == ((ERR_LIB_RAND<<24)| e == ((ERR_LIB_RAND<<24)|
#if defined(RAND_F_RAND_BYTES) #if defined(RAND_F_RAND_BYTES)