[openssh-commits] [openssh] 01/01: prefer to use getrandom() for PRNG seeding

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Apr 13 13:32:26 AEST 2018


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit afa6e79b76fb52a0c09a29688b5c0d125eb08302
Author: Damien Miller <djm at mindrot.org>
Date:   Fri Apr 13 13:31:42 2018 +1000

    prefer to use getrandom() for PRNG seeding
    
    Only applies when built --without-openssl. Thanks Jann Horn for
    reminder.
---
 configure.ac                |  2 ++
 openbsd-compat/arc4random.c | 16 +++++++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 1e9f7412..8aad4516 100644
--- a/configure.ac
+++ b/configure.ac
@@ -413,6 +413,7 @@ AC_CHECK_HEADERS([ \
 	sys/prctl.h \
 	sys/pstat.h \
 	sys/ptrace.h \
+	sys/random.h \
 	sys/select.h \
 	sys/stat.h \
 	sys/stream.h \
@@ -1786,6 +1787,7 @@ AC_CHECK_FUNCS([ \
 	getpgid \
 	_getpty \
 	getrlimit \
+	getrandom \
 	getsid \
 	getttyent \
 	glob \
diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
index b6256b4f..578f69f4 100644
--- a/openbsd-compat/arc4random.c
+++ b/openbsd-compat/arc4random.c
@@ -33,6 +33,10 @@
 #include <string.h>
 #include <unistd.h>
 
+#ifdef HAVE_SYS_RANDOM_H
+# include <sys/random.h>
+#endif
+
 #ifndef HAVE_ARC4RANDOM
 
 #ifdef WITH_OPENSSL
@@ -78,8 +82,9 @@ _rs_init(u_char *buf, size_t n)
 }
 
 #ifndef WITH_OPENSSL
-#define SSH_RANDOM_DEV "/dev/urandom"
-/* XXX use getrandom() if supported on Linux */
+# ifndef SSH_RANDOM_DEV
+#  define SSH_RANDOM_DEV "/dev/urandom"
+# endif /* SSH_RANDOM_DEV */
 static void
 getrnd(u_char *s, size_t len)
 {
@@ -87,6 +92,11 @@ getrnd(u_char *s, size_t len)
 	ssize_t r;
 	size_t o = 0;
 
+#ifdef HAVE_GETRANDOM
+	if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len)
+		return;
+#endif /* HAVE_GETRANDOM */
+
 	if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1)
 		fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, strerror(errno));
 	while (o < len) {
@@ -101,7 +111,7 @@ getrnd(u_char *s, size_t len)
 	}
 	close(fd);
 }
-#endif
+#endif /* WITH_OPENSSL */
 
 static void
 _rs_stir(void)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list