diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
index 02f15f9c..ffd33734 100644
--- a/openbsd-compat/arc4random.c
+++ b/openbsd-compat/arc4random.c
@@ -44,13 +44,15 @@
 #ifndef HAVE_ARC4RANDOM
 /*
- * If we're not using a native getentropy, use the one from bsd-getentropy.c
- * under a different name, so that if in future these binaries are run on
- * a system that has a native getentropy OpenSSL cannot call the wrong one.
+ * Always use the getentropy implementation from bsd-getentropy.c, which
+ * will call a native getentropy if available then fall back as required.
+ * We use a different name so that OpenSSL cannot call the wrong getentropy.
 */
-#ifndef HAVE_GETENTROPY
-# define getentropy(x, y) (_ssh_compat_getentropy((x), (y)))
+int _ssh_compat_getentropy(void *, size_t);
+#ifdef getentropy
+# undef getentropy
 #endif
+#define getentropy(x, y) (_ssh_compat_getentropy((x), (y)))
 #include "log.h"
diff --git a/openbsd-compat/bsd-getentropy.c b/openbsd-compat/bsd-getentropy.c
index bd4b6695..554dfad7 100644
--- a/openbsd-compat/bsd-getentropy.c
+++ b/openbsd-compat/bsd-getentropy.c
@@ -18,8 +18,6 @@
 #include "includes.h"
-#ifndef HAVE_GETENTROPY
-
 #ifndef SSH_RANDOM_DEV
 # define SSH_RANDOM_DEV "/dev/urandom"
 #endif /* SSH_RANDOM_DEV */
@@ -52,6 +50,10 @@ _ssh_compat_getentropy(void *s, size_t len)
 ssize_t r;
 size_t o = 0;
+#ifdef HAVE_GETENTROPY
+ if (r = getentropy(s, len) == 0)
+ return 0;
+#endif /* HAVE_GETENTROPY */
 #ifdef HAVE_GETRANDOM
 if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len)
 return 0;
@@ -79,4 +81,3 @@ _ssh_compat_getentropy(void *s, size_t len)
 #endif /* WITH_OPENSSL */
 return 0;
 }
-#endif /* WITH_GETENTROPY */
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index 4af207cd..8f815090 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
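Review bot: In the arc4random.c hunk (@@ -44,13 +44,15 @@), the prototype `int _ssh_compat_getentropy(void *, size_t);` is now declared privately in the .c file, while the same commit deletes the shared declaration from openbsd-compat.h. As far as these hunks show, no common header is left through which the compiler can check this declaration against the definition in bsd-getentropy.c. Keeping a single unconditional prototype in openbsd-compat.h, seen by both files, would turn a future signature drift in the entropy path into a compile error rather than a silent mismatch. The new block comment could also say why the `#undef getentropy` is needed, for instance `/* a system header may already provide getentropy as a macro */`, if that is the reason.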
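Review bot: In the bsd-getentropy.c hunk (@@ -52,6 +50,10 @@), the added `if (r = getentropy(s, len) == 0)` binds the comparison tighter than the assignment, so `r` receives the truth value of the comparison rather than getentropy's return value. The branch is still taken on success, but the line trips -Wparentheses and leaves `r` misleading for any later use. Write `if (getentropy(s, len) == 0)`, or `if ((r = getentropy(s, len)) == 0)` to match the getrandom check directly below. Native getentropy implementations commonly reject requests larger than 256 bytes, so a comment such as `/* may fail for large len; fall through to the other sources */` would record that the silent fallback is intended. The body of _ssh_compat_getentropy starts and ends outside this hunk.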
@@ -69,10 +69,6 @@ void closefrom(int);
 int ftruncate(int filedes, off_t length);
 #endif
-#if defined(HAVE_DECL_GETENTROPY) && HAVE_DECL_GETENTROPY == 0
-int _ssh_compat_getentropy(void *, size_t);
-#endif
-
 #ifndef HAVE_GETLINE
 #include
 ssize_t getline(char **, size_t *, FILE *);