diff options
author | Damien Miller <djm@mindrot.org> | 2015-01-15 02:21:31 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-01-15 02:28:36 +1100 |
commit | 72ef7c148c42db7d5632a29f137f8b87b579f2d9 (patch) | |
tree | 47954a387f4260cc8b1e0ff33bbbaf22fd6f11fc /openbsd-compat/arc4random.c | |
parent | 4f38c61c68ae7e3f9ee4b3c38bc86cd39f65ece9 (diff) | |
download | openssh-git-72ef7c148c42db7d5632a29f137f8b87b579f2d9.tar.gz |
support --without-openssl at configure time
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.
Considered highly experimental for now.
Diffstat (limited to 'openbsd-compat/arc4random.c')
-rw-r--r-- | openbsd-compat/arc4random.c | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c index 09dbfda1..046f57e6 100644 --- a/openbsd-compat/arc4random.c +++ b/openbsd-compat/arc4random.c @@ -26,15 +26,19 @@ #include "includes.h" +#include <sys/types.h> + +#include <fcntl.h> #include <stdlib.h> #include <string.h> #include <unistd.h> -#include <sys/types.h> #ifndef HAVE_ARC4RANDOM +#ifdef WITH_OPENSSL #include <openssl/rand.h> #include <openssl/err.h> +#endif #include "log.h" @@ -73,14 +77,44 @@ _rs_init(u_char *buf, size_t n) chacha_ivsetup(&rs, buf + KEYSZ); } +#ifndef WITH_OPENSSL +#define SSH_RANDOM_DEV "/dev/urandom" +/* XXX use getrandom() if supported on Linux */ +static void +getrnd(u_char *s, size_t len) +{ + int fd; + ssize_t r; + size_t o = 0; + + if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) + fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, strerror(errno)); + while (o < len) { + r = read(fd, s + o, len - o); + if (r < 0) { + if (errno == EAGAIN || errno == EINTR || + errno == EWOULDBLOCK) + continue; + fatal("read %s: %s", SSH_RANDOM_DEV, strerror(errno)); + } + o += r; + } + close(fd); +} +#endif + static void _rs_stir(void) { u_char rnd[KEYSZ + IVSZ]; +#ifdef WITH_OPENSSL if (RAND_bytes(rnd, sizeof(rnd)) <= 0) fatal("Couldn't obtain random bytes (error %ld)", ERR_get_error()); +#else + getrnd(rnd, sizeof(rnd)); +#endif if (!rs_initialized) { rs_initialized = 1; |