From 72ef7c148c42db7d5632a29f137f8b87b579f2d9 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Thu, 15 Jan 2015 02:21:31 +1100
Subject: support --without-openssl at configure time

Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.
---
 openbsd-compat/arc4random.c | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

(limited to 'openbsd-compat/arc4random.c')

diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
index 09dbfda16..046f57e61 100644
--- a/openbsd-compat/arc4random.c
+++ b/openbsd-compat/arc4random.c
@@ -26,15 +26,19 @@
 
 #include "includes.h"
 
+#include <sys/types.h>
+
+#include <fcntl.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-#include <sys/types.h>
 
 #ifndef HAVE_ARC4RANDOM
 
+#ifdef WITH_OPENSSL
 #include <openssl/rand.h>
 #include <openssl/err.h>
+#endif
 
 #include "log.h"
 
@@ -73,14 +77,44 @@ _rs_init(u_char *buf, size_t n)
 	chacha_ivsetup(&rs, buf + KEYSZ);
 }
 
+#ifndef WITH_OPENSSL
+#define SSH_RANDOM_DEV "/dev/urandom"
+/* XXX use getrandom() if supported on Linux */
+static void
+getrnd(u_char *s, size_t len)
+{
+	int fd;
+	ssize_t r;
+	size_t o = 0;
+
+	if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1)
+		fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, strerror(errno));
+	while (o < len) {
+		r = read(fd, s + o, len - o);
+		if (r < 0) {
+			if (errno == EAGAIN || errno == EINTR ||
+			    errno == EWOULDBLOCK)
+				continue;
+			fatal("read %s: %s", SSH_RANDOM_DEV, strerror(errno));
+		}
+		o += r;
+	}
+	close(fd);
+}
+#endif
+
 static void
 _rs_stir(void)
 {
 	u_char rnd[KEYSZ + IVSZ];
 
+#ifdef WITH_OPENSSL
 	if (RAND_bytes(rnd, sizeof(rnd)) <= 0)
 		fatal("Couldn't obtain random bytes (error %ld)",
 		    ERR_get_error());
+#else
+	getrnd(rnd, sizeof(rnd));
+#endif
 
 	if (!rs_initialized) {
 		rs_initialized = 1;
-- 
cgit v1.2.3