authorBenny Baumann <BenBE@geshi.org>2023-12-11 13:46:15 +0100
committerDmitry V. Levin <ldv@strace.io>2023-12-19 12:22:59 +0000
commit8e95e2af01b5880b37b17bb23b4c187a88046bdf (patch)
tree14184e9e8994e3afc224ea92abc645d613fcbabd
parent4936f7dc386e0f0e16d4835954ab061e87399912 (diff)
pam_timestamp: try RAND_priv_bytes first
* modules/pam_timestamp/hmac_openssl_wrapper.c: Include <openssl/rand.h>. (generate_key): Try RAND_priv_bytes before getrandom.
-rw-r--r--modules/pam_timestamp/hmac_openssl_wrapper.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/pam_timestamp/hmac_openssl_wrapper.c b/modules/pam_timestamp/hmac_openssl_wrapper.c
index bf0f6e9c..8fa6068e 100644
--- a/modules/pam_timestamp/hmac_openssl_wrapper.c
+++ b/modules/pam_timestamp/hmac_openssl_wrapper.c
@@ -49,6 +49,7 @@
#include <openssl/evp.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
+#include <openssl/rand.h>
#include <security/pam_ext.h>
#include <security/pam_modutil.h>
@@ -98,6 +99,12 @@ generate_key(pam_handle_t *pamh, char **key, size_t key_size)
return PAM_AUTH_ERR;
}
+ /* Try to get random data from OpenSSL first */
+ if (RAND_priv_bytes((unsigned char *)tmp, key_size) == 1) {
+ *key = tmp;
+ return PAM_SUCCESS;
+ }
+
#ifdef HAVE_GETRANDOM
/* Fallback to getrandom(2) if available */
if (getrandom(tmp, key_size, 0) == (ssize_t)key_size) {
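Review bot: The added `RAND_priv_bytes((unsigned char *)tmp, key_size)` call passes a `size_t` where OpenSSL declares the length parameter as `int`, so the value is narrowed implicitly. A `key_size` above `INT_MAX` would reach OpenSSL as a wrong or negative length, whereas the getrandom(2) fallback below compares against the full `(ssize_t)key_size`. The callers are not visible in this hunk and the key size is presumably small, but stating the bound at the call site keeps the two paths consistent: `if (key_size <= INT_MAX && RAND_priv_bytes((unsigned char *)tmp, (int)key_size) == 1) {` (this needs `<limits.h>` if the file does not already include it). It would also help to extend the comment to say that a failed OpenSSL call deliberately falls through to the getrandom path with `tmp` still allocated. The body of `generate_key` starts and ends outside this hunk, so the allocation and the later fallbacks are not reviewed here.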