Use the OpenSSL RAND_bytes() function if getrandom() fails.

2021-10-20 09:51:17 -06:00
parent badd6267bd
commit de4fd4a31d
1 changed files with 8 additions and 0 deletions
--- a/lib/util/getentropy.c
+++ b/lib/util/getentropy.c
@@ -64,6 +64,9 @@
 #ifdef HAVE_DL_ITERATE_PHDR
 # include <link.h>
 #endif
+#ifdef HAVE_OPENSSL
+# include <openssl/rand.h>
+#endif

 #include "sudo_compat.h"
 #include "sudo_digest.h"
@@ -130,6 +133,11 @@ sudo_getentropy(void *buf, size_t len)
 	if (ret != -1)
 		return (ret);

+#ifdef HAVE_OPENSSL
+	if (RAND_bytes(buf, len) == 1)
+		return (0);
+#endif
+
 	ret = getentropy_sysctl(buf, len);
 	if (ret != -1)
 		return (ret);