[openssh-commits] [openssh] 01/01: Always use compat getentropy.

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Nov 2 12:23:48 AEDT 2022


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch V_9_1
in repository openssh.

commit a238b6c08bc13f236ec5e1a631e25dca8e4b269e
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Tue Nov 1 19:10:30 2022 +1100

    Always use compat getentropy.
    
    Have it call native getentropy and fall back as required.  Should fix
    issues of platforms where libc has getentropy but it is not implemented
    in the kernel.  Based on github PR#354 from simsergey.
---
 openbsd-compat/arc4random.c     | 12 +++++++-----
 openbsd-compat/bsd-getentropy.c |  7 ++++---
 openbsd-compat/openbsd-compat.h |  4 ----
 3 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
index 02f15f9c..ffd33734 100644
--- a/openbsd-compat/arc4random.c
+++ b/openbsd-compat/arc4random.c
@@ -44,13 +44,15 @@
 #ifndef HAVE_ARC4RANDOM
 
 /*
- * If we're not using a native getentropy, use the one from bsd-getentropy.c
- * under a different name, so that if in future these binaries are run on
- * a system that has a native getentropy OpenSSL cannot call the wrong one.
+ * Always use the getentropy implementation from bsd-getentropy.c, which
+ * will call a native getentropy if available then fall back as required.
+ * We use a different name so that OpenSSL cannot call the wrong getentropy.
  */
-#ifndef HAVE_GETENTROPY
-# define getentropy(x, y) (_ssh_compat_getentropy((x), (y)))
+int _ssh_compat_getentropy(void *, size_t);
+#ifdef getentropy
+# undef getentropy
 #endif
+#define getentropy(x, y) (_ssh_compat_getentropy((x), (y)))
 
 #include "log.h"
 
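Review bot: the getentropy macro in arc4random.c is now defined unconditionally and sits above `#include "log.h"`, so any header pulled in after this point that declares getentropy would have its prototype rewritten by the function-like macro. Before this change the define only existed when HAVE_GETENTROPY was unset, where no native declaration was expected. Consider moving the `#undef getentropy` / `#define getentropy(x, y)` pair below the last #include in the file.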
diff --git a/openbsd-compat/bsd-getentropy.c b/openbsd-compat/bsd-getentropy.c
index bd4b6695..554dfad7 100644
--- a/openbsd-compat/bsd-getentropy.c
+++ b/openbsd-compat/bsd-getentropy.c
@@ -18,8 +18,6 @@
 
 #include "includes.h"
 
-#ifndef HAVE_GETENTROPY
-
 #ifndef SSH_RANDOM_DEV
 # define SSH_RANDOM_DEV "/dev/urandom"
 #endif /* SSH_RANDOM_DEV */
@@ -52,6 +50,10 @@ _ssh_compat_getentropy(void *s, size_t len)
 	ssize_t r;
 	size_t o = 0;
 
+#ifdef HAVE_GETENTROPY
+	if (r = getentropy(s, len) == 0)
+		return 0;
+#endif /* HAVE_GETENTROPY */
 #ifdef HAVE_GETRANDOM
 	if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len)
 		return 0;
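Review bot: operator precedence in the new HAVE_GETENTROPY branch of _ssh_compat_getentropy: `if (r = getentropy(s, len) == 0)` parses as `r = (getentropy(s, len) == 0)`, so r receives the result of the comparison (1 or 0), not getentropy's return value. The branch still returns 0 only on success, but the assignment is misleading and will draw a -Wparentheses warning. Write it as `if ((r = getentropy(s, len)) == 0)`, matching the parenthesisation of the getrandom check two lines below, or drop the assignment and test `getentropy(s, len) == 0` directly, since r is not used on this path.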
@@ -79,4 +81,3 @@ _ssh_compat_getentropy(void *s, size_t len)
 #endif /* WITH_OPENSSL */
 	return 0;
 }
-#endif /* WITH_GETENTROPY */
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index 4af207cd..8f815090 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -69,10 +69,6 @@ void closefrom(int);
 int ftruncate(int filedes, off_t length);
 #endif
 
-#if defined(HAVE_DECL_GETENTROPY) && HAVE_DECL_GETENTROPY == 0
-int _ssh_compat_getentropy(void *, size_t);
-#endif
-
 #ifndef HAVE_GETLINE
 #include <stdio.h>
 ssize_t getline(char **, size_t *, FILE *);
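Review bot: removing the `int _ssh_compat_getentropy(void *, size_t);` declaration from openbsd-compat.h leaves arc4random.c carrying its own private copy of the prototype, while the definition in bsd-getentropy.c is no longer checked against any shared declaration visible in these hunks. If the signature ever changes, the two files can drift apart without a compiler diagnostic. Suggest keeping the declaration in openbsd-compat.h with the old HAVE_DECL_GETENTROPY condition removed, and dropping the local one added in arc4random.c.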

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.