diff options
author | Damien Miller <djm@mindrot.org> | 2018-04-13 13:31:42 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-04-13 13:32:23 +1000 |
commit | afa6e79b76fb52a0c09a29688b5c0d125eb08302 (patch) | |
tree | 307b8e468c1fc8c6311ce749a2057b4bb80c14f5 /openbsd-compat/arc4random.c | |
parent | 575fac34a97f69bc217b235f81de9f8f433eceed (diff) | |
download | openssh-git-afa6e79b76fb52a0c09a29688b5c0d125eb08302.tar.gz |
prefer to use getrandom() for PRNG seeding
Only applies when built --without-openssl. Thanks Jann Horn for
reminder.
Diffstat (limited to 'openbsd-compat/arc4random.c')
-rw-r--r-- | openbsd-compat/arc4random.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c index b6256b4f..578f69f4 100644 --- a/openbsd-compat/arc4random.c +++ b/openbsd-compat/arc4random.c @@ -33,6 +33,10 @@ #include <string.h> #include <unistd.h> +#ifdef HAVE_SYS_RANDOM_H +# include <sys/random.h> +#endif + #ifndef HAVE_ARC4RANDOM #ifdef WITH_OPENSSL @@ -78,8 +82,9 @@ _rs_init(u_char *buf, size_t n) } #ifndef WITH_OPENSSL -#define SSH_RANDOM_DEV "/dev/urandom" -/* XXX use getrandom() if supported on Linux */ +# ifndef SSH_RANDOM_DEV +# define SSH_RANDOM_DEV "/dev/urandom" +# endif /* SSH_RANDOM_DEV */ static void getrnd(u_char *s, size_t len) { @@ -87,6 +92,11 @@ getrnd(u_char *s, size_t len) ssize_t r; size_t o = 0; +#ifdef HAVE_GETRANDOM + if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len) + return; +#endif /* HAVE_GETRANDOM */ + if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, strerror(errno)); while (o < len) { @@ -101,7 +111,7 @@ getrnd(u_char *s, size_t len) } close(fd); } -#endif +#endif /* WITH_OPENSSL */ static void _rs_stir(void) |