[openssh-commits] [openssh] 02/02: Try EGD/PRNGD if random device fails.

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Jun 18 19:34:44 AEST 2021


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit e409d7966785cfd9f5970e66a820685c42169717
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Fri Jun 18 18:34:08 2021 +1000

    Try EGD/PRNGD if random device fails.
    
    When built --without-openssl, try EGD/PRNGD (if configured) as a last
    resort before failing.
---
 openbsd-compat/arc4random.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
index 578f69f4..14853aba 100644
--- a/openbsd-compat/arc4random.c
+++ b/openbsd-compat/arc4random.c
@@ -88,7 +88,7 @@ _rs_init(u_char *buf, size_t n)
 static void
 getrnd(u_char *s, size_t len)
 {
-	int fd;
+	int fd, save_errno;
 	ssize_t r;
 	size_t o = 0;
 
@@ -97,8 +97,14 @@ getrnd(u_char *s, size_t len)
 		return;
 #endif /* HAVE_GETRANDOM */
 
-	if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1)
-		fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, strerror(errno));
+	if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) {
+		save_errno = errno;
+		/* Try egd/prngd before giving up. */
+		if (seed_from_prngd(s, len) == 0)
+			return;
+		fatal("Couldn't open %s: %s", SSH_RANDOM_DEV,
+		    strerror(save_errno));
+	}
 	while (o < len) {
 		r = read(fd, s + o, len - o);
 		if (r < 0) {
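
Review bot: In the open() failure branch, fatal() still reports only the SSH_RANDOM_DEV open error, so when seed_from_prngd() also fails the log gives no sign that the EGD/PRNGD fallback was attempted; consider extending the message to say the fallback failed too. The fallback is also reached only when open() fails: the read() loop that follows is unchanged context here, so a device that opens but then errors on read does not get to seed_from_prngd(). If that is intended, the subject line ("if random device fails") would be more accurate as "cannot be opened". Finally, the call is unconditional, so it relies on seed_from_prngd() returning non-zero when no EGD/PRNGD source is configured; the "Try egd/prngd before giving up" comment could state that assumption.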

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

