read back from libcrypto RAND when privdropping
makes certain libcrypto implementations cache a /dev/urandom fd in preparation for sandboxing. Based on a patch by Greg Hartman.
parent
1560596f44
commit
07889c7592
6
sshd.c
6
sshd.c
@ -624,6 +624,8 @@ privsep_preauth_child(void)
|
||||
arc4random_buf(rnd, sizeof(rnd));
|
||||
#ifdef WITH_OPENSSL
|
||||
RAND_seed(rnd, sizeof(rnd));
|
||||
if ((RAND_bytes((u_char *)rnd, 1)) != 1)
|
||||
fatal("%s: RAND_bytes failed", __func__);
|
||||
#endif
|
||||
explicit_bzero(rnd, sizeof(rnd));
|
||||
|
||||
@ -767,6 +769,8 @@ privsep_postauth(Authctxt *authctxt)
|
||||
arc4random_buf(rnd, sizeof(rnd));
|
||||
#ifdef WITH_OPENSSL
|
||||
RAND_seed(rnd, sizeof(rnd));
|
||||
if ((RAND_bytes((u_char *)rnd, 1)) != 1)
|
||||
fatal("%s: RAND_bytes failed", __func__);
|
||||
#endif
|
||||
explicit_bzero(rnd, sizeof(rnd));
|
||||
|
||||
@ -1436,6 +1440,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
|
||||
arc4random_buf(rnd, sizeof(rnd));
|
||||
#ifdef WITH_OPENSSL
|
||||
RAND_seed(rnd, sizeof(rnd));
|
||||
if ((RAND_bytes((u_char *)rnd, 1)) != 1)
|
||||
fatal("%s: RAND_bytes failed", __func__);
|
||||
#endif
|
||||
explicit_bzero(rnd, sizeof(rnd));
|
||||
}
|
||||
|
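Review bot: The one-byte `RAND_bytes()` read-back after `RAND_seed()` in privsep_preauth_child has no comment, so without the commit message it reads as a discarded result that a later cleanup could remove, presumably leaving libcrypto to open /dev/urandom only once the process is already confined. I would put a comment above the `if`, for example `/* read one byte back so libcrypto opens and caches its /dev/urandom fd before we are sandboxed */`. The same applies to the identical lines in privsep_postauth and server_accept_loop; since the seed, read-back and `explicit_bzero` sequence now appears three times, a small static helper would keep the three sites from drifting apart. In server_accept_loop the check appears to sit in the accept loop itself, so a failure there would end the listening process through `fatal()`; it is worth confirming that this is intended. All three functions begin and end outside the visible hunks.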