makes certain libcrypto implementations cache a /dev/urandom fd
in preparation for sandboxing.
Upstream patch is:
https://anongit.mindrot.org/openssh.git/patch/?id=07889c75926c040b8e095949c724e66af26441cb
BUG=25695426
Change-Id: I0f746c30e31e7d938c70bcebe402f472c4649919
diff --git a/sshd.c b/sshd.c
index 30f8c6f..54ea6c0 100644
--- a/sshd.c
+++ b/sshd.c
@@ -623,6 +623,8 @@
arc4random_buf(rnd, sizeof(rnd));
#ifdef WITH_OPENSSL
RAND_seed(rnd, sizeof(rnd));
+ if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+ fatal("%s: RAND_bytes failed", __func__);
#endif
explicit_bzero(rnd, sizeof(rnd));
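Review bot: The added `RAND_bytes((u_char *)rnd, 1)` call after `RAND_seed` exists only for its side effect, and nothing at the call site says so; the byte it writes into `rnd` is wiped by `explicit_bzero` two lines later, so a later reader may take the call for dead code and drop it. A comment above the check, such as `/* Draw one byte so libcrypto opens and caches its /dev/urandom fd before the sandbox is applied; the output is discarded. */`, would record the intent given in the commit message. The same comment applies to the identical additions in the hunks at `@@ -766` and `@@ -1430`. The enclosing functions start outside all three hunks, so it is not visible here whether each call runs before the sandbox takes effect; that ordering is worth confirming, since the priming presumably only helps while /dev/urandom is still reachable.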
@@ -766,6 +768,8 @@
arc4random_buf(rnd, sizeof(rnd));
#ifdef WITH_OPENSSL
RAND_seed(rnd, sizeof(rnd));
+ if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+ fatal("%s: RAND_bytes failed", __func__);
#endif
explicit_bzero(rnd, sizeof(rnd));
@@ -1430,6 +1434,8 @@
arc4random_buf(rnd, sizeof(rnd));
#ifdef WITH_OPENSSL
RAND_seed(rnd, sizeof(rnd));
+ if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+ fatal("%s: RAND_bytes failed", __func__);
#endif
explicit_bzero(rnd, sizeof(rnd));
}