Fix RNG seeding for OpenSSL w/out self seeding.
When sshd is built with an OpenSSL that does not self-seed, it would fail in the preauth privsep process while handling a new connection. Sanity checked by djm@
parent
f70010d9b0
commit
9d92e7b248
|
@ -41,7 +41,7 @@
|
|||
int
|
||||
_ssh_compat_getentropy(void *s, size_t len)
|
||||
{
|
||||
#ifdef WITH_OPENSSL
|
||||
#if defined(WITH_OPENSSL) && defined(OPENSSL_PRNG_ONLY)
|
||||
if (RAND_bytes(s, len) <= 0)
|
||||
fatal("Couldn't obtain random bytes (error 0x%lx)",
|
||||
(unsigned long)ERR_get_error());
|
||||
|
@ -50,6 +50,10 @@ _ssh_compat_getentropy(void *s, size_t len)
|
|||
ssize_t r;
|
||||
size_t o = 0;
|
||||
|
||||
#ifdef WITH_OPENSSL
|
||||
if (RAND_bytes(s, len) == 1)
|
||||
return 0;
|
||||
#endif
|
||||
#ifdef HAVE_GETENTROPY
|
||||
if ((r = getentropy(s, len)) == 0)
|
||||
return 0;
|
||||
|
|
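Review bot: The added fallback `RAND_bytes(s, len)` in the second hunk passes a `size_t` where OpenSSL's `RAND_bytes` takes an `int` count, so a `len` above `INT_MAX` would be narrowed, and a success return could then report 0 with only part of the buffer filled. Callers presumably ask for small amounts, but for the entropy source a guard is cheap: `if (len <= INT_MAX && RAND_bytes(s, (int)len) == 1)`. The `OPENSSL_PRNG_ONLY` branch in the first hunk has the same unguarded conversion. The silent fall-through to `getentropy()` when `RAND_bytes` fails looks intended, so I would record it with a comment such as `/* Prefer OpenSSL's RNG when it is seeded; otherwise fall through to the system sources. */`. The rest of the function body, including whatever follows the `getentropy()` attempt, is outside the hunk.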