Fix RNG seeding for OpenSSL w/out self seeding.
When sshd is built with an OpenSSL that does not self-seed, it would fail in the preauth privsep process while handling a new connection. Sanity checked by djm@
parent
f70010d9b0
commit
9d92e7b248
|
@ -41,7 +41,7 @@
|
||||||
int
|
int
|
||||||
_ssh_compat_getentropy(void *s, size_t len)
|
_ssh_compat_getentropy(void *s, size_t len)
|
||||||
{
|
{
|
||||||
#ifdef WITH_OPENSSL
|
#if defined(WITH_OPENSSL) && defined(OPENSSL_PRNG_ONLY)
|
||||||
if (RAND_bytes(s, len) <= 0)
|
if (RAND_bytes(s, len) <= 0)
|
||||||
fatal("Couldn't obtain random bytes (error 0x%lx)",
|
fatal("Couldn't obtain random bytes (error 0x%lx)",
|
||||||
(unsigned long)ERR_get_error());
|
(unsigned long)ERR_get_error());
|
||||||
|
@ -50,6 +50,10 @@ _ssh_compat_getentropy(void *s, size_t len)
|
||||||
ssize_t r;
|
ssize_t r;
|
||||||
size_t o = 0;
|
size_t o = 0;
|
||||||
|
|
||||||
|
#ifdef WITH_OPENSSL
|
||||||
|
if (RAND_bytes(s, len) == 1)
|
||||||
|
return 0;
|
||||||
|
#endif
|
||||||
#ifdef HAVE_GETENTROPY
|
#ifdef HAVE_GETENTROPY
|
||||||
if ((r = getentropy(s, len)) == 0)
|
if ((r = getentropy(s, len)) == 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
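Review bot: The added `RAND_bytes(s, len)` call in the second hunk passes a `size_t` where OpenSSL's prototype takes an `int`, so a `len` above `INT_MAX` would be narrowed and the early `return 0` could report success after filling only part of the buffer. Callers are not visible here and presumably request small amounts, but a guard would make that assumption explicit: `if (len <= INT_MAX && RAND_bytes(s, (int)len) == 1)`. The fall-through when `RAND_bytes` fails is silent, so a short comment such as `/* OpenSSL may not be seeded yet; fall back to the OS entropy sources below */` would show the next reader that it is intentional. The function body starts in the first hunk and continues past the end of this one.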