From 663fc9f394df26635d33f67d8541b3ceed540f83 Mon Sep 17 00:00:00 2001
From: "Matt A. Tobin"
Date: Sun, 3 Jan 2021 00:57:13 -0500
Subject: Issue #1699 - Part 2: Remove dangerous uses of evutil_secure_rng_add_bytes (arc4random_addrandom) from Chromium IPC References: http://marc.info/?l=openbsd-cvs&m=138238762705209&w=2 https://bugzilla.mozilla.org/show_bug.cgi?id=931354 https://sourceforge.net/p/levent/bugs/320/
---
 ipc/chromium/src/third_party/libevent/evutil_rand.c | 9 ---------
 .../src/third_party/libevent/include/event2/util.h | 18 ------------------
 2 files changed, 27 deletions(-)
diff --git a/ipc/chromium/src/third_party/libevent/evutil_rand.c b/ipc/chromium/src/third_party/libevent/evutil_rand.c
index 7c92bae232..3f5c05b34a 100644
--- a/ipc/chromium/src/third_party/libevent/evutil_rand.c
+++ b/ipc/chromium/src/third_party/libevent/evutil_rand.c
@@ -138,12 +138,3 @@ evutil_secure_rng_get_bytes(void *buf, size_t n)
 {
 ev_arc4random_buf(buf, n);
 }
-
-#if !defined(__OpenBSD__) && !defined(ANDROID) && !defined(__sun__)
-void
-evutil_secure_rng_add_bytes(const char *buf, size_t n)
-{
- arc4random_addrandom((unsigned char*)buf,
- n>(size_t)INT_MAX ? INT_MAX : (int)n);
-}
-#endif
diff --git a/ipc/chromium/src/third_party/libevent/include/event2/util.h b/ipc/chromium/src/third_party/libevent/include/event2/util.h
index 78516c1563..0f9212af11 100644
--- a/ipc/chromium/src/third_party/libevent/include/event2/util.h
+++ b/ipc/chromium/src/third_party/libevent/include/event2/util.h
@@ -672,24 +672,6 @@ void evutil_secure_rng_get_bytes(void *buf, size_t n);
 */
 int evutil_secure_rng_init(void);
 
-#if !defined(__OpenBSD__) && !defined(ANDROID) && !defined(__sun__)
-/** Seed the random number generator with extra random bytes.
-
- You should almost never need to call this function; it should be
- sufficient to invoke evutil_secure_rng_init(), or let Libevent take
- care of calling evutil_secure_rng_init() on its own.
-
- If you call this function as a _replacement_ for the regular
- entropy sources, then you need to be sure that your input
- contains a fairly large amount of strong entropy. Doing so is
- notoriously hard: most people who try get it wrong. Watch out!
-
- @param dat a buffer full of a strong source of random numbers
- @param datlen the number of bytes to read from datlen
- */
-void evutil_secure_rng_add_bytes(const char *dat, size_t datlen);
-#endif
-
 #ifdef __cplusplus
 }
 #endif
-- 
cgit v1.2.3