Fix RNG seeding for OpenSSL w/out self seeding.

When sshd is built with an OpenSSL that does not self-seed, it would
fail in the preauth privsep process while handling a new connection.
Sanity checked by djm@
Darren Tucker 2023-08-03 19:35:33 +10:00
parent f70010d9b0
commit 9d92e7b248
1 changed files with 5 additions and 1 deletions


@ -41,7 +41,7 @@
int int
_ssh_compat_getentropy(void *s, size_t len) _ssh_compat_getentropy(void *s, size_t len)
{ {
#ifdef WITH_OPENSSL #if defined(WITH_OPENSSL) && defined(OPENSSL_PRNG_ONLY)
if (RAND_bytes(s, len) <= 0) if (RAND_bytes(s, len) <= 0)
fatal("Couldn't obtain random bytes (error 0x%lx)", fatal("Couldn't obtain random bytes (error 0x%lx)",
(unsigned long)ERR_get_error()); (unsigned long)ERR_get_error());
@ -50,6 +50,10 @@ _ssh_compat_getentropy(void *s, size_t len)
ssize_t r; ssize_t r;
size_t o = 0; size_t o = 0;
#ifdef WITH_OPENSSL
if (RAND_bytes(s, len) == 1)
return 0;
#endif
#ifdef HAVE_GETENTROPY #ifdef HAVE_GETENTROPY
if ((r = getentropy(s, len)) == 0) if ((r = getentropy(s, len)) == 0)
return 0; return 0;
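Review bot: In the second hunk the new `RAND_bytes(s, len) == 1` attempt drops a failure silently: nothing in the code says why falling through is intended, and the error that RAND_bytes queued stays on OpenSSL's error queue, where a later `ERR_get_error()` in the same process could report it against an unrelated call. I would add `ERR_clear_error();` after that `return 0;`, inside the `#ifdef`, with a comment such as `/* OpenSSL may be unseeded here (no self-seeding, e.g. preauth privsep); fall back to the OS sources below */`. Both RAND_bytes calls also pass the size_t `len` to an int parameter; that is presumably harmless for the small requests getentropy-style callers make, but no bound is checked in the visible lines. The function body continues beyond what is shown, so the remaining fallback paths could not be reviewed.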