diff options
Diffstat (limited to 'crypto/openssh/entropy.c')
-rw-r--r-- | crypto/openssh/entropy.c | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/crypto/openssh/entropy.c b/crypto/openssh/entropy.c index 2d483b3..9305f89 100644 --- a/crypto/openssh/entropy.c +++ b/crypto/openssh/entropy.c @@ -24,6 +24,8 @@ #include "includes.h" +#ifdef WITH_OPENSSL + #include <sys/types.h> #include <sys/socket.h> #ifdef HAVE_SYS_UN_H @@ -43,6 +45,8 @@ #include <openssl/crypto.h> #include <openssl/err.h> +#include "openbsd-compat/openssl-compat.h" + #include "ssh.h" #include "misc.h" #include "xmalloc.h" @@ -209,16 +213,7 @@ seed_rng(void) #ifndef OPENSSL_PRNG_ONLY unsigned char buf[RANDOM_SEED_SIZE]; #endif - /* - * OpenSSL version numbers: MNNFFPPS: major minor fix patch status - * We match major, minor, fix and status (not patch) for <1.0.0. - * After that, we acceptable compatible fix versions (so we - * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed - * within a patch series. - */ - u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L; - if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) || - (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12)) + if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, SSLeay())) fatal("OpenSSL version mismatch. Built against %lx, you " "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); @@ -237,3 +232,13 @@ seed_rng(void) if (RAND_status() != 1) fatal("PRNG is not seeded"); } + +#else /* WITH_OPENSSL */ + +/* Handled in arc4random() */ +void +seed_rng(void) +{ +} + +#endif /* WITH_OPENSSL */ |