When sshd is built with an OpenSSL that does not self-seed, it would
fail in the preauth privsep process while handling a new connection.
Sanity checked by djm@
int
_ssh_compat_getentropy(void *s, size_t len)
{
-#ifdef WITH_OPENSSL
+#if defined(WITH_OPENSSL) && defined(OPENSSL_PRNG_ONLY)
if (RAND_bytes(s, len) <= 0)
fatal("Couldn't obtain random bytes (error 0x%lx)",
(unsigned long)ERR_get_error());
ssize_t r;
size_t o = 0;
+#ifdef WITH_OPENSSL
+ if (RAND_bytes(s, len) == 1)
+ return 0;
+#endif
#ifdef HAVE_GETENTROPY
if ((r = getentropy(s, len)) == 0)
return 0;
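Review bot: When the added `RAND_bytes(s, len)` call fails, the code falls through to the OS entropy sources but leaves OpenSSL's failure on the error queue, so a later, unrelated `ERR_get_error()` (as used in the `fatal()` call of the PRNG-only branch) may report a stale RNG error. Consider clearing the queue on that path with `ERR_clear_error();` after the failed call, and documenting the intent with a comment such as `/* OpenSSL may be unseeded here (preauth privsep); fall back to the OS sources. */`. `RAND_bytes` also takes an `int` count while `len` is a `size_t`, and no bound on `len` is visible in this hunk, so a range check before the call would avoid an implementation-defined conversion if a caller ever passes a large length. The body of `_ssh_compat_getentropy` continues outside the hunk, so the remaining fallbacks and their failure handling are not visible here.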