Always use compat getentropy.

Have it call native getentropy and fall back as required.  Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel.  Based on github PR#354 from simsergey.

openbsd-compat/arc4random.c

@@ -44,13 +44,15 @@
 #ifndef HAVE_ARC4RANDOM
 
 /*
- * If we're not using a native getentropy, use the one from bsd-getentropy.c
+ * Always use the getentropy implementation from bsd-getentropy.c, which
- * under a different name, so that if in future these binaries are run on
+ * will call a native getentropy if available then fall back as required.
- * a system that has a native getentropy OpenSSL cannot call the wrong one.
+ * We use a different name so that OpenSSL cannot call the wrong getentropy.
  */
-#ifndef HAVE_GETENTROPY
+int _ssh_compat_getentropy(void *, size_t);
-# define getentropy(x, y) (_ssh_compat_getentropy((x), (y)))
+#ifdef getentropy
+# undef getentropy
 #endif
+#define getentropy(x, y) (_ssh_compat_getentropy((x), (y)))
 
 #include "log.h"
 

openbsd-compat/bsd-getentropy.c

@@ -18,8 +18,6 @@
 
 #include "includes.h"
 
-#ifndef HAVE_GETENTROPY
-
 #ifndef SSH_RANDOM_DEV
 # define SSH_RANDOM_DEV "/dev/urandom"
 #endif /* SSH_RANDOM_DEV */
@@ -52,6 +50,10 @@ _ssh_compat_getentropy(void *s, size_t len)
 	ssize_t r;
 	size_t o = 0;
 
+#ifdef HAVE_GETENTROPY
+	if (r = getentropy(s, len) == 0)
+		return 0;
+#endif /* HAVE_GETENTROPY */
 #ifdef HAVE_GETRANDOM
 	if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len)
 		return 0;
@@ -79,4 +81,3 @@ _ssh_compat_getentropy(void *s, size_t len)
 #endif /* WITH_OPENSSL */
 	return 0;
 }
-#endif /* WITH_GETENTROPY */

openbsd-compat/openbsd-compat.h

@@ -69,10 +69,6 @@ void closefrom(int);
 int ftruncate(int filedes, off_t length);
 #endif
 
-#if defined(HAVE_DECL_GETENTROPY) && HAVE_DECL_GETENTROPY == 0
-int _ssh_compat_getentropy(void *, size_t);
-#endif
-
 #ifndef HAVE_GETLINE
 #include <stdio.h>
 ssize_t getline(char **, size_t *, FILE *);