author | Darren Tucker <dtucker@dtucker.net> | 2023-08-03 19:35:33 +1000 |
committer | Darren Tucker <dtucker@dtucker.net> | 2023-08-03 20:29:08 +1000 |
commit | 9d92e7b24848fcc605945f7c2e3460c7c31832ce (patch) | |
tree | 305e592820fdc3e544b1d2085d5a635b1004af42 | |
parent | f70010d9b0b3e7e95de8aa0b961e1d74362cfb5d (diff) |
Fix RNG seeding for OpenSSL w/out self seeding.
When sshd is built with an OpenSSL that does not self-seed, it would
fail in the preauth privsep process while handling a new connection.
Sanity checked by djm@
-rw-r--r-- | openbsd-compat/bsd-getentropy.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/openbsd-compat/bsd-getentropy.c b/openbsd-compat/bsd-getentropy.c
index 0231e066..fc1b4ac4 100644
--- a/openbsd-compat/bsd-getentropy.c
+++ b/openbsd-compat/bsd-getentropy.c
@@ -41,7 +41,7 @@ int
 _ssh_compat_getentropy(void *s, size_t len)
 {
-#ifdef WITH_OPENSSL
+#if defined(WITH_OPENSSL) && defined(OPENSSL_PRNG_ONLY)
 	if (RAND_bytes(s, len) <= 0)
 		fatal("Couldn't obtain random bytes (error 0x%lx)",
 		    (unsigned long)ERR_get_error());
@@ -50,6 +50,10 @@ _ssh_compat_getentropy(void *s, size_t len)
 	ssize_t r;
 	size_t o = 0;
 
+#ifdef WITH_OPENSSL
+	if (RAND_bytes(s, len) == 1)
+		return 0;
+#endif
 #ifdef HAVE_GETENTROPY
 	if ((r = getentropy(s, len)) == 0)
 		return 0;
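Review bot: In the second hunk, a failed `RAND_bytes()` (the very case the commit is about, an unseeded OpenSSL PRNG) leaves its error on the OpenSSL error queue while control falls through to getentropy() and the other OS sources; a later, unrelated `ERR_get_error()` diagnostic in this process could then report that stale "not seeded" error instead of its own. I would drain the queue before falling through: `if (RAND_bytes(s, len) == 1)` / `return 0;` / `ERR_clear_error(); /* unseeded/failed PRNG: fall through to the OS sources */`. The new block also deserves a one-line comment stating the intent, something like `/* Prefer OpenSSL's RNG when it can self-seed; otherwise use the OS entropy sources below, which are what will seed it */`, since the two preprocessor branches (OPENSSL_PRNG_ONLY in the first hunk versus this opportunistic attempt) are easy to confuse. Note that `len` is a `size_t` passed to an `int` parameter here as in the existing call above, so the truncation behaviour for very large requests is unchanged by this commit. _ssh_compat_getentropy() continues past the end of both hunks.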