Thursday, March 03, 2022

Re: [UPDATE] security/stunnel to 5.62

> I think that may be an upstream bug, OpenSSL can return NULL for
> RAND_get_rand_method too.
>
> 351 NOEXPORT int prng_init(GLOBAL_OPTIONS *global) {
> 352 int totbytes=0;
> 353 char filename[256];
> 354 const RAND_METHOD *meth=RAND_get_rand_method();
> 355
> 356 /* skip PRNG initialization when no seeding methods are available */
> 357 if(meth->status==NULL || meth->add==NULL) {
> 358 s_log(LOG_DEBUG, "No PRNG seeding methods");
> 359 return 0; /* success */
> 360 }
> 361
> 362 if(RAND_status()) {
> 363 s_log(LOG_DEBUG, "No PRNG seeding was required");
> 364 return 0; /* success */
> 365 }

Makes sense, I agree, I have addressed it upstream.

> With stunnel it really feels like the dev is going out of his way to
> make the software as annoying as possible to build against LibreSSL.
> Which makes me definitely think we should keep building against LibreSSL! :)

Diff inline below updated including the RAND_get_rand_method() changes.

Thanks for your review,
gsoares

No comments:

Post a Comment