Farhan/openssh
| Revision | 7d4e4745a7dbe29f6c737ee62a36771ede20d09e (tree) |
|---|---|
| Time | 2015-11-17 03:14:54 |
| Author | Greg Hartman <ghartman@goog...> |
| Commiter | Greg Hartman |
makes certain libcrypto implementations cache a /dev/urandom fd
in preparation of sandboxing.
Upstream patch is:
https://anongit.mindrot.org/openssh.git/patch/?id=07889c75926c040b8e095949c724e66af26441cb
BUG=25695426
Change-Id: I0f746c30e31e7d938c70bcebe402f472c4649919
| @@ -623,6 +623,8 @@ privsep_preauth_child(void) | ||
| 623 | 623 | arc4random_buf(rnd, sizeof(rnd)); |
| 624 | 624 | #ifdef WITH_OPENSSL |
| 625 | 625 | RAND_seed(rnd, sizeof(rnd)); |
| 626 | + if ((RAND_bytes((u_char *)rnd, 1)) != 1) | |
| 627 | + fatal("%s: RAND_bytes failed", __func__); | |
| 626 | 628 | #endif |
| 627 | 629 | explicit_bzero(rnd, sizeof(rnd)); |
| 628 | 630 |
| @@ -766,6 +768,8 @@ privsep_postauth(Authctxt *authctxt) | ||
| 766 | 768 | arc4random_buf(rnd, sizeof(rnd)); |
| 767 | 769 | #ifdef WITH_OPENSSL |
| 768 | 770 | RAND_seed(rnd, sizeof(rnd)); |
| 771 | + if ((RAND_bytes((u_char *)rnd, 1)) != 1) | |
| 772 | + fatal("%s: RAND_bytes failed", __func__); | |
| 769 | 773 | #endif |
| 770 | 774 | explicit_bzero(rnd, sizeof(rnd)); |
| 771 | 775 |
| @@ -1430,6 +1434,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | ||
| 1430 | 1434 | arc4random_buf(rnd, sizeof(rnd)); |
| 1431 | 1435 | #ifdef WITH_OPENSSL |
| 1432 | 1436 | RAND_seed(rnd, sizeof(rnd)); |
| 1437 | + if ((RAND_bytes((u_char *)rnd, 1)) != 1) | |
| 1438 | + fatal("%s: RAND_bytes failed", __func__); | |
| 1433 | 1439 | #endif |
| 1434 | 1440 | explicit_bzero(rnd, sizeof(rnd)); |
| 1435 | 1441 | } |
Fork
sshd.c