diff options
author | Darren Tucker <dtucker@dtucker.net> | 2022-08-10 17:25:24 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2022-08-10 17:36:44 +1000 |
commit | 7e2f51940ba48a1c0fae1107801ea643fa83c971 (patch) | |
tree | c68041342e100b4b3bde3a4a81f13854d425cf76 /openbsd-compat/arc4random.c | |
parent | 7a01f61be8d0aca0e975e7417f26371495fe7674 (diff) | |
download | openssh-git-7e2f51940ba48a1c0fae1107801ea643fa83c971.tar.gz |
Rename our getentropy to prevent possible loops.
Since arc4random seeds from getentropy, and we use OpenSSL for that
if enabled, there's the possibility that if we build on a system that
does not have getentropy then run on a system that does have it, then
OpenSSL could end up calling our getentropy and getting stuck in a loop.
Pointed out by deraadt@, ok djm@
Diffstat (limited to 'openbsd-compat/arc4random.c')
-rw-r--r-- | openbsd-compat/arc4random.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c index f43b5c7c..2f91c2b2 100644 --- a/openbsd-compat/arc4random.c +++ b/openbsd-compat/arc4random.c @@ -35,6 +35,15 @@ #ifndef HAVE_ARC4RANDOM +/* + * If we're not using a native getentropy, use the one from bsd-getentropy.c + * under a different name, so that if in future these binaries are run on + * a system that has a native getentropy OpenSSL cannot call the wrong one. + */ +#ifndef HAVE_GETENTROPY +# define getentropy(x, y) (_ssh_compat_getentropy((x), (y))) +#endif + #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) #include "log.h" |