Try EGD/PRNGD if random device fails.
authorDarren Tucker <dtucker@dtucker.net>
Fri, 18 Jun 2021 08:34:08 +0000 (18:34 +1000)
committerDarren Tucker <dtucker@dtucker.net>
Fri, 18 Jun 2021 09:32:11 +0000 (19:32 +1000)
When built --without-openssl, try EGD/PRNGD (if configured) as a last
resort before failing.

openbsd-compat/arc4random.c

index 578f69f4f74f1eb72fc733a400feb885bd008ab8..14853aba43d19a2f049f1464f2949541ce9e0a0e 100644 (file)
@@ -88,7 +88,7 @@ _rs_init(u_char *buf, size_t n)
 static void
 getrnd(u_char *s, size_t len)
 {
-       int fd;
+       int fd, save_errno;
        ssize_t r;
        size_t o = 0;
 
@@ -97,8 +97,14 @@ getrnd(u_char *s, size_t len)
                return;
 #endif /* HAVE_GETRANDOM */
 
-       if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1)
-               fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, strerror(errno));
+       if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) {
+               save_errno = errno;
+               /* Try egd/prngd before giving up. */
+               if (seed_from_prngd(s, len) == 0)
+                       return;
+               fatal("Couldn't open %s: %s", SSH_RANDOM_DEV,
+                   strerror(save_errno));
+       }
        while (o < len) {
                r = read(fd, s + o, len - o);
                if (r < 0) {
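Review bot: The new fallback in getrnd() is silent: when open(SSH_RANDOM_DEV) fails and seed_from_prngd() returns 0, nothing records that the seed came from EGD/PRNGD rather than the kernel device, so an operator cannot tell from the logs which entropy source a process used. Bracing the inner `if` and adding a line before the `return`, e.g. `debug3("%s unavailable, seeded from PRNGD", SSH_RANDOM_DEV);`, would make that auditable. The fatal() text still names only the device, so it could also say that the PRNGD attempt failed, which would help diagnosis. The fallback covers only the open() failure; the read loop continues past this hunk, so whether a read() error there is meant to stay fatal without trying PRNGD is not visible here and is worth confirming against the commit title.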