switch to using arc4random, as prompted by deraadt@.

also, OMIT_BUILTIN_TEST, since we're just a production library (duh)
bump shlib_version accordingly
okay reyk@, thanks for looking at this!

2 files changed, 10 insertions, 0 deletions

diff --git a/lib/libsqlite3/src/os_unix.c b/lib/libsqlite3/src/os_unix.c
index abc23a452e7..6707ec142ac 100644
--- a/lib/libsqlite3/src/os_unix.c
+++ b/lib/libsqlite3/src/os_unix.c
@@ -5995,6 +5995,9 @@ static int unixRandomness(sqlite3_vfs *NotUsed, int nBuf, char *zBuf){
   */
   memset(zBuf, 0, nBuf);
 #if !defined(SQLITE_TEST)
+# if HAVE_ARC4RANDOM_BUF
+  arc4random_buf(zBuf, nBuf);
+# else
   {
     int pid, fd, got;
     fd = robust_open("/dev/urandom", O_RDONLY, 0);
@@ -6011,6 +6014,7 @@ static int unixRandomness(sqlite3_vfs *NotUsed, int nBuf, char *zBuf){
       robust_close(0, fd, __LINE__);
     }
   }
+# endif
 #endif
   return nBuf;
 }
diff --git a/lib/libsqlite3/src/random.c b/lib/libsqlite3/src/random.c
index 234ebdf658f..d371e446672 100644
--- a/lib/libsqlite3/src/random.c
+++ b/lib/libsqlite3/src/random.c
@@ -17,7 +17,12 @@
 */
 #include "sqliteInt.h"
 
+#if HAVE_ARC4RANDOM_BUF && defined(SQLITE_OMIT_BUILTIN_TEST)
+void sqlite3_randomness(int N, void *pBuf){
+	arc4random_buf(pBuf, N);
+}
 
+#else
 /* All threads share a single random number generator.
 ** This structure is the current state of the generator.
 */
@@ -143,3 +148,4 @@ void sqlite3PrngResetState(void){
   GLOBAL(struct sqlite3PrngType, sqlite3Prng).isInit = 0;
 }
 #endif /* SQLITE_OMIT_BUILTIN_TEST */
+#endif