authorDarren Tucker <dtucker@dtucker.net>2023-08-03 19:35:33 +1000
committerDarren Tucker <dtucker@dtucker.net>2023-08-03 20:29:08 +1000
commit9d92e7b24848fcc605945f7c2e3460c7c31832ce (patch)
tree305e592820fdc3e544b1d2085d5a635b1004af42
parentf70010d9b0b3e7e95de8aa0b961e1d74362cfb5d (diff)
Fix RNG seeding for OpenSSL w/out self seeding.
When sshd is built with an OpenSSL that does not self-seed, it would fail in the preauth privsep process while handling a new connection. Sanity checked by djm@
-rw-r--r--openbsd-compat/bsd-getentropy.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/openbsd-compat/bsd-getentropy.c b/openbsd-compat/bsd-getentropy.c
index 0231e066..fc1b4ac4 100644
--- a/openbsd-compat/bsd-getentropy.c
+++ b/openbsd-compat/bsd-getentropy.c
@@ -41,7 +41,7 @@
int
_ssh_compat_getentropy(void *s, size_t len)
{
-#ifdef WITH_OPENSSL
+#if defined(WITH_OPENSSL) && defined(OPENSSL_PRNG_ONLY)
if (RAND_bytes(s, len) <= 0)
fatal("Couldn't obtain random bytes (error 0x%lx)",
(unsigned long)ERR_get_error());
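Review bot: The new `#if defined(WITH_OPENSSL) && defined(OPENSSL_PRNG_ONLY)` guard carries no comment saying why a RAND_bytes failure is fatal only in this configuration, which is the whole substance of the fix; add `/* OPENSSL_PRNG_ONLY: OpenSSL's RAND is the sole entropy source, so a failure here cannot be recovered by the fallbacks below */` above it. The non-fatal path is the block added in the next hunk (`if (RAND_bytes(s, len) == 1) return 0;` followed by the getentropy fallback), so a reader of this hunk alone cannot see why fatal() became conditional. Note also that `len` is a `size_t` handed to RAND_bytes, whose length parameter is an `int`, so an oversized request would be silently narrowed; this is pre-existing here and repeated by the added call in the next hunk. _ssh_compat_getentropy's body continues past this hunk.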
@@ -50,6 +50,10 @@ _ssh_compat_getentropy(void *s, size_t len)
ssize_t r;
size_t o = 0;
+#ifdef WITH_OPENSSL
+ if (RAND_bytes(s, len) == 1)
+ return 0;
+#endif
#ifdef HAVE_GETENTROPY
if ((r = getentropy(s, len)) == 0)
return 0;