Merge #136035: openssl: 1.1.1k -> 1.1.1l (again)

Hydra has < 25% of x86_64-linux jobs remaining:
https://hydra.nixos.org/eval/1700096?filter=x86_64-linux
so let's go on and get unstable-small channel, etc.

x86_64-darwin users will probably have to stay on an older commit
for a while, e.g. the nixpkgs-unstable channel.
This commit is contained in:
Vladimír Čunát 2021-08-29 12:59:18 +02:00
commit 75c8d45096
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
2 changed files with 60 additions and 2 deletions

@ -0,0 +1,56 @@
From cef404f1e7a598166cbc2fd2e0048f7e2d752ad5 Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Tue, 24 Aug 2021 22:40:14 +0100
Subject: [PATCH] Darwin platform allows to build on releases before
Yosemite/ios 8.
issue #16407 #16408
---
crypto/rand/rand_unix.c | 5 +----
include/crypto/rand.h | 10 ++++++++++
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 43f1069d151d..0f4525106af7 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -34,9 +34,6 @@
#if defined(__OpenBSD__)
# include <sys/param.h>
#endif
-#if defined(__APPLE__)
-# include <CommonCrypto/CommonRandom.h>
-#endif
#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
# include <sys/types.h>
@@ -381,7 +378,7 @@ static ssize_t syscall_random(void *buf, size_t buflen)
if (errno != ENOSYS)
return -1;
}
-# elif defined(__APPLE__)
+# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
return (ssize_t)buflen;
diff --git a/include/crypto/rand.h b/include/crypto/rand.h
index 5350d3a93119..674f840fd13c 100644
--- a/include/crypto/rand.h
+++ b/include/crypto/rand.h
@@ -20,6 +20,16 @@
# include <openssl/rand.h>
+# if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM)
+# include <Availability.h>
+# if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101000) || \
+ (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000)
+# define OPENSSL_APPLE_CRYPTO_RANDOM 1
+# include <CommonCrypto/CommonCryptoError.h>
+# include <CommonCrypto/CommonRandom.h>
+# endif
+# endif
+
/* forward declaration */
typedef struct rand_pool_st RAND_POOL;

@ -192,14 +192,16 @@ in {
};
openssl_1_1 = common {
version = "1.1.1k";
sha256 = "1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9";
version = "1.1.1l";
sha256 = "sha256-C3o+XlnDSCf+DDp0t+yLrvMCuY+oAIjX+RU6oW+na9E=";
patches = [
./1.1/nix-ssl-cert-file.patch
(if stdenv.hostPlatform.isDarwin
then ./1.1/use-etc-ssl-certs-darwin.patch
else ./1.1/use-etc-ssl-certs.patch)
] ++ lib.optionals (stdenv.isDarwin) [
./1.1/macos-yosemite-compat.patch
];
withDocs = true;
};