makes certain libcrypto implementations cache a /dev/urandom fd in preparation of sandboxing. Upstream patch is: https://anongit.mindrot.org/openssh.git/patch/?id=07889c75926c040b8e095949c724e66af26441cb BUG=25695426 Change-Id: I0f746c30e31e7d938c70bcebe402f472c4649919

commit: 7d4e4745a7dbe29f6c737ee62a36771ede20d09e [log] [tgz]
author: Greg Hartman <ghartman@google.com> Mon Nov 16 10:13:36 2015 -0800
committer: Greg Hartman <ghartman@google.com> Mon Nov 16 10:14:54 2015 -0800
tree: 2c3e22d6974ecbcf7cf6e28775df4ff1754e7939
parent: 245f53dba195a2a562e3df67cd7a323363b54449 [diff]
diff --git a/sshd.c b/sshd.c
index 30f8c6f..54ea6c0 100644
--- a/sshd.c
+++ b/sshd.c

@@ -623,6 +623,8 @@
 	arc4random_buf(rnd, sizeof(rnd));
 #ifdef WITH_OPENSSL
 	RAND_seed(rnd, sizeof(rnd));
+	if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+		fatal("%s: RAND_bytes failed", __func__);
 #endif
 	explicit_bzero(rnd, sizeof(rnd));
 
@@ -766,6 +768,8 @@
 	arc4random_buf(rnd, sizeof(rnd));
 #ifdef WITH_OPENSSL
 	RAND_seed(rnd, sizeof(rnd));
+	if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+		fatal("%s: RAND_bytes failed", __func__);
 #endif
 	explicit_bzero(rnd, sizeof(rnd));
 
@@ -1430,6 +1434,8 @@
 			arc4random_buf(rnd, sizeof(rnd));
 #ifdef WITH_OPENSSL
 			RAND_seed(rnd, sizeof(rnd));
+			if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+				fatal("%s: RAND_bytes failed", __func__);
 #endif
 			explicit_bzero(rnd, sizeof(rnd));
 		}
commit	7d4e4745a7dbe29f6c737ee62a36771ede20d09e	[log] [tgz]
author	Greg Hartman <ghartman@google.com>	Mon Nov 16 10:13:36 2015 -0800
committer	Greg Hartman <ghartman@google.com>	Mon Nov 16 10:14:54 2015 -0800
tree	2c3e22d6974ecbcf7cf6e28775df4ff1754e7939
parent	245f53dba195a2a562e3df67cd7a323363b54449 [diff]