From 9d92e7b24848fcc605945f7c2e3460c7c31832ce Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Thu, 3 Aug 2023 19:35:33 +1000
Subject: [PATCH] Fix RNG seeding for OpenSSL w/out self seeding.
When sshd is built with an OpenSSL that does not self-seed, it would fail in the preauth privsep process while handling a new connection.
Sanity checked by djm@
---
openbsd-compat/bsd-getentropy.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/openbsd-compat/bsd-getentropy.c b/openbsd-compat/bsd-getentropy.c
index 0231e066c..fc1b4ac42 100644
--- a/openbsd-compat/bsd-getentropy.c
+++ b/openbsd-compat/bsd-getentropy.c
@@ -41,7 +41,7 @@
 int
 _ssh_compat_getentropy(void *s, size_t len)
 {
-#ifdef WITH_OPENSSL
+#if defined(WITH_OPENSSL) && defined(OPENSSL_PRNG_ONLY)
 if (RAND_bytes(s, len) <= 0)
 fatal("Couldn't obtain random bytes (error 0x%lx)",
 (unsigned long)ERR_get_error());
@@ -50,6 +50,10 @@ _ssh_compat_getentropy(void *s, size_t len)
 ssize_t r;
 size_t o = 0;
+#ifdef WITH_OPENSSL
+ if (RAND_bytes(s, len) == 1)
+ return 0;
+#endif
 #ifdef HAVE_GETENTROPY
 if ((r = getentropy(s, len)) == 0)
 return 0;
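Review bot: The new fallback `if (RAND_bytes(s, len) == 1)` in the second hunk leaves an entry on OpenSSL's error queue whenever RAND_bytes() fails — which is precisely the unseeded-PRNG case this commit targets — and nothing drains it before control falls through to getentropy() and the device path, so a later ERR_get_error() anywhere in the process (including the fatal() in the OPENSSL_PRNG_ONLY branch of the first hunk) can report that stale error instead of its own. I would add `ERR_clear_error();` directly after the check, before the `#endif`, so a failed probe leaves no trace. RAND_bytes() takes an int length, so `len` (a size_t) is narrowed silently here exactly as in the pre-existing call above; the callers in this tree presumably pass small buffers, but a `len <= INT_MAX` guard or explicit cast would make that assumption visible. A one-line comment such as `/* Prefer OpenSSL's PRNG when it is seeded; otherwise fall through to the system sources. */` would also help, since the two RAND_bytes() calls in this function now have different failure semantics. The enclosing function continues outside the hunk.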