From c5c85defb2f3bfb6a462a47da8e2e2c354dbf926 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 16 Nov 2015 10:10:59 -0800 Subject: [PATCH] Make RAND_seed read a byte of random data. OpenSSH calls |RAND_seed| before jailing in the expectation that that will be sufficient to ensure that later RAND calls are successful. See internal bug 25695426. Change-Id: I9d3f5665249af6610328ac767cb83059bb2953dd Reviewed-on: https://boringssl-review.googlesource.com/6494 Reviewed-by: David Benjamin Reviewed-by: Adam Langley --- crypto/rand/rand.c | 7 ++++++- include/openssl/rand.h | 3 ++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/crypto/rand/rand.c b/crypto/rand/rand.c index 8b117289..892b4ba8 100644 --- a/crypto/rand/rand.c +++ b/crypto/rand/rand.c @@ -192,7 +192,12 @@ int RAND_pseudo_bytes(uint8_t *buf, size_t len) { return RAND_bytes(buf, len); } -void RAND_seed(const void *buf, int num) {} +void RAND_seed(const void *buf, int num) { + /* OpenSSH calls |RAND_seed| before jailing on the assumption that any needed + * file descriptors etc will be opened. */ + uint8_t unused; + RAND_bytes(&unused, sizeof(unused)); +} int RAND_load_file(const char *path, long num) { if (num < 0) { /* read the "whole file" */ diff --git a/include/openssl/rand.h b/include/openssl/rand.h index de1bd8d2..3a8e357c 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -68,7 +68,8 @@ OPENSSL_EXPORT void RAND_enable_fork_unsafe_buffering(int fd); /* RAND_pseudo_bytes is a wrapper around |RAND_bytes|. */ OPENSSL_EXPORT int RAND_pseudo_bytes(uint8_t *buf, size_t len); -/* RAND_seed does nothing. */ +/* RAND_seed reads a single byte of random data to ensure that any file + * descriptors etc are opened. */ OPENSSL_EXPORT void RAND_seed(const void *buf, int num); /* RAND_load_file returns a nonnegative number. */