Make RAND_seed read a byte of random data.

OpenSSH calls |RAND_seed| before jailing in the expectation that that will be sufficient to ensure that later RAND calls are successful. See internal bug 25695426. Change-Id: I9d3f5665249af6610328ac767cb83059bb2953dd Reviewed-on: https://boringssl-review.googlesource.com/6494 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
2015-11-16 10:10:59 -08:00 · 2015-11-16 10:10:59 -08:00 · c5c85defb2
commit c5c85defb2
parent d9e27021e1
2 changed files with 8 additions and 2 deletions
--- a/crypto/rand/rand.c
+++ b/crypto/rand/rand.c
@ -192,7 +192,12 @@ int RAND_pseudo_bytes(uint8_t *buf, size_t len) {
  return RAND_bytes(buf, len);
 }

-void RAND_seed(const void *buf, int num) {}
+void RAND_seed(const void *buf, int num) {
+  /* OpenSSH calls |RAND_seed| before jailing on the assumption that any needed
+   * file descriptors etc will be opened. */
+  uint8_t unused;
+  RAND_bytes(&unused, sizeof(unused));
+}

 int RAND_load_file(const char *path, long num) {
  if (num < 0) {  /* read the "whole file" */
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@ -68,7 +68,8 @@ OPENSSL_EXPORT void RAND_enable_fork_unsafe_buffering(int fd);
 /* RAND_pseudo_bytes is a wrapper around |RAND_bytes|. */
 OPENSSL_EXPORT int RAND_pseudo_bytes(uint8_t *buf, size_t len);

-/* RAND_seed does nothing. */
+/* RAND_seed reads a single byte of random data to ensure that any file
+ * descriptors etc are opened. */
 OPENSSL_EXPORT void RAND_seed(const void *buf, int num);

 /* RAND_load_file returns a nonnegative number. */