[openssh-commits] [openssh] 01/01: Fix RNG seeding for OpenSSL w/out self seeding.
git+noreply at mindrot.org
Thu Aug 3 20:29:32 AEST 2023
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit 9d92e7b24848fcc605945f7c2e3460c7c31832ce
Author: Darren Tucker <dtucker at dtucker.net>
Date: Thu Aug 3 19:35:33 2023 +1000
Fix RNG seeding for OpenSSL w/out self seeding.
When sshd is built with an OpenSSL that does not self-seed, it would
fail in the preauth privsep process while handling a new connection.
Sanity checked by djm@
---
openbsd-compat/bsd-getentropy.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/openbsd-compat/bsd-getentropy.c b/openbsd-compat/bsd-getentropy.c
index 0231e066..fc1b4ac4 100644
--- a/openbsd-compat/bsd-getentropy.c
+++ b/openbsd-compat/bsd-getentropy.c
@@ -41,7 +41,7 @@
int
_ssh_compat_getentropy(void *s, size_t len)
{
-#ifdef WITH_OPENSSL
+#if defined(WITH_OPENSSL) && defined(OPENSSL_PRNG_ONLY)
if (RAND_bytes(s, len) <= 0)
fatal("Couldn't obtain random bytes (error 0x%lx)",
(unsigned long)ERR_get_error());
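Review bot: The narrowed guard `#if defined(WITH_OPENSSL) && defined(OPENSSL_PRNG_ONLY)` carries no comment saying why a RAND_bytes() failure is fatal only in this configuration. If, as the macro name suggests, OpenSSL is the sole entropy source in such builds and there is nothing to fall back to, a one-line comment above the guard saying so would keep a later reader from widening it back to plain WITH_OPENSSL and reintroducing the preauth failure the commit message describes. Separately, `len` is a size_t while RAND_bytes() takes an int count, so a bound check or explicit cast would make that narrowing deliberate.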
@@ -50,6 +50,10 @@ _ssh_compat_getentropy(void *s, size_t len)
ssize_t r;
size_t o = 0;
+#ifdef WITH_OPENSSL
+ if (RAND_bytes(s, len) == 1)
+ return 0;
+#endif
#ifdef HAVE_GETENTROPY
if ((r = getentropy(s, len)) == 0)
return 0;
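Review bot: In the added `if (RAND_bytes(s, len) == 1) return 0;`, a failed call is silently ignored and the error it pushed onto the OpenSSL error queue is left there, where a later, unrelated ERR_get_error() caller can pick it up and report a misleading error. Consider calling ERR_clear_error() before falling through to getentropy(), and add a short comment that the fall-through is intentional for an OpenSSL that has not been seeded, since the ordering (OpenSSL first, system entropy second) is not obvious from the code alone.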
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.