author | Matt A. Tobin <email@mattatobin.com> | 2021-01-03 00:57:13 -0500 |
---|---|---|
committer | Matt A. Tobin <email@mattatobin.com> | 2021-01-03 00:57:13 -0500 |
commit | 663fc9f394df26635d33f67d8541b3ceed540f83 (patch) | |
tree | d0570c11e8834349cebb3b83d9cfca56ca5a1e4c | |
parent | b55cfb1f0c3aebbb6a7c9b4d6a2dc11e7c21eee5 (diff) | |
download | uxp-663fc9f394df26635d33f67d8541b3ceed540f83.tar.gz |
Issue #1699 - Part 2: Remove dangerous uses of evutil_secure_rng_add_bytes (arc4random_addrandom) from Chromium IPC
References:
http://marc.info/?l=openbsd-cvs&m=138238762705209&w=2
https://bugzilla.mozilla.org/show_bug.cgi?id=931354
https://sourceforge.net/p/levent/bugs/320/
-rw-r--r-- | ipc/chromium/src/third_party/libevent/evutil_rand.c | 9 | ||||
-rw-r--r-- | ipc/chromium/src/third_party/libevent/include/event2/util.h | 18 |
2 files changed, 0 insertions, 27 deletions
diff --git a/ipc/chromium/src/third_party/libevent/evutil_rand.c b/ipc/chromium/src/third_party/libevent/evutil_rand.c
index 7c92bae232..3f5c05b34a 100644
--- a/ipc/chromium/src/third_party/libevent/evutil_rand.c
+++ b/ipc/chromium/src/third_party/libevent/evutil_rand.c
@@ -138,12 +138,3 @@ evutil_secure_rng_get_bytes(void *buf, size_t n)
 {
 ev_arc4random_buf(buf, n);
 }
-
-#if !defined(__OpenBSD__) && !defined(ANDROID) && !defined(__sun__)
-void
-evutil_secure_rng_add_bytes(const char *buf, size_t n)
-{
- arc4random_addrandom((unsigned char*)buf,
- n>(size_t)INT_MAX ? INT_MAX : (int)n);
-}
-#endif
diff --git a/ipc/chromium/src/third_party/libevent/include/event2/util.h b/ipc/chromium/src/third_party/libevent/include/event2/util.h
index 78516c1563..0f9212af11 100644
--- a/ipc/chromium/src/third_party/libevent/include/event2/util.h
+++ b/ipc/chromium/src/third_party/libevent/include/event2/util.h
@@ -672,24 +672,6 @@ void evutil_secure_rng_get_bytes(void *buf, size_t n);
 */
 int evutil_secure_rng_init(void);
 
-#if !defined(__OpenBSD__) && !defined(ANDROID) && !defined(__sun__)
-/** Seed the random number generator with extra random bytes.
-
- You should almost never need to call this function; it should be
- sufficient to invoke evutil_secure_rng_init(), or let Libevent take
- care of calling evutil_secure_rng_init() on its own.
-
- If you call this function as a _replacement_ for the regular
- entropy sources, then you need to be sure that your input
- contains a fairly large amount of strong entropy. Doing so is
- notoriously hard: most people who try get it wrong. Watch out!
-
- @param dat a buffer full of a strong source of random numbers
- @param datlen the number of bytes to read from datlen
- */
-void evutil_secure_rng_add_bytes(const char *dat, size_t datlen);
-#endif
-
 #ifdef __cplusplus
 }
 #endif |