diff options
| -rw-r--r-- | modules/pam_timestamp/hmac_openssl_wrapper.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/pam_timestamp/hmac_openssl_wrapper.c b/modules/pam_timestamp/hmac_openssl_wrapper.c index bf0f6e9c..8fa6068e 100644 --- a/modules/pam_timestamp/hmac_openssl_wrapper.c +++ b/modules/pam_timestamp/hmac_openssl_wrapper.c @@ -49,6 +49,7 @@ #include <openssl/evp.h> #include <openssl/params.h> #include <openssl/core_names.h> +#include <openssl/rand.h> #include <security/pam_ext.h> #include <security/pam_modutil.h> @@ -98,6 +99,12 @@ generate_key(pam_handle_t *pamh, char **key, size_t key_size) return PAM_AUTH_ERR; } + /* Try to get random data from OpenSSL first */ + if (RAND_priv_bytes((unsigned char *)tmp, key_size) == 1) { + *key = tmp; + return PAM_SUCCESS; + } + #ifdef HAVE_GETRANDOM /* Fallback to getrandom(2) if available */ if (getrandom(tmp, key_size, 0) == (ssize_t)key_size) { |