From: Darren Tucker
Date: Fri, 18 Jun 2021 08:34:08 +0000 (+1000)
Subject: Try EGD/PRNGD if random device fails.
X-Git-Tag: V_8_7_P1~140
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e409d7966785cfd9f5970e66a820685c42169717;p=thirdparty%2Fopenssh-portable.git

Try EGD/PRNGD if random device fails.

When built --without-openssl, try EGD/PRGGD (if configured) as a last resort before failing.
---
diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
index 578f69f4f..14853aba4 100644
--- a/openbsd-compat/arc4random.c
+++ b/openbsd-compat/arc4random.c
@@ -88,7 +88,7 @@ _rs_init(u_char *buf, size_t n)
 static void
 getrnd(u_char *s, size_t len)
 {
- int fd;
+ int fd, save_errno;
 ssize_t r;
 size_t o = 0;
 
@@ -97,8 +97,14 @@ getrnd(u_char *s, size_t len)
 return;
 #endif /* HAVE_GETRANDOM */
 
- if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1)
- fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, strerror(errno));
+ if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) {
+ save_errno = errno;
+ /* Try egd/prngd before giving up. */
+ if (seed_from_prngd(s, len) == 0)
+ return;
+ fatal("Couldn't open %s: %s", SSH_RANDOM_DEV,
+ strerror(save_errno));
+ }
 while (o < len) {
 r = read(fd, s + o, len - o);
 if (r < 0) {
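Review bot: In the second hunk, the `if (seed_from_prngd(s, len) == 0) return;` path switches the seed source from the kernel random device to an EGD/PRNGD daemon without leaving any trace, so an operator cannot tell afterwards that key material was seeded from the fallback source. A log line before the return would make the downgrade visible, for example `debug("Couldn't open %s: %s; seeded from EGD/PRNGD", SSH_RANDOM_DEV, strerror(save_errno));`. The branch also relies on seed_from_prngd() returning 0 only after it has written all `len` bytes, and returning non-zero when no PRNGD is configured; that function is not visible here, so the contract is worth confirming and stating in the comment. Only the open() failure gets the fallback: the read loop that follows continues outside the hunk, and a read error there presumably still ends in fatal(), which is narrower than the subject line's "if random device fails".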