summaryrefslogtreecommitdiff
path: root/sshd.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2015-11-14 18:44:49 +1100
committerDamien Miller <djm@mindrot.org>2016-01-14 12:10:39 +1100
commit076d849e17ab12603627f87b301e2dca71bae518 (patch)
tree65244fc2803beb8752a595a9723a54cce955a842 /sshd.c
parentf72adc0150011a28f177617a8456e1f83733099d (diff)
read back from libcrypto RAND when privdropping
makes certain libcrypto implementations cache a /dev/urandom fd in preparation of sandboxing. Based on patch by Greg Hartman.
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/sshd.c b/sshd.c
index 65ef7e850..43d465085 100644
--- a/sshd.c
+++ b/sshd.c
@@ -624,6 +624,8 @@ privsep_preauth_child(void)
624 arc4random_buf(rnd, sizeof(rnd)); 624 arc4random_buf(rnd, sizeof(rnd));
625#ifdef WITH_OPENSSL 625#ifdef WITH_OPENSSL
626 RAND_seed(rnd, sizeof(rnd)); 626 RAND_seed(rnd, sizeof(rnd));
627 if ((RAND_bytes((u_char *)rnd, 1)) != 1)
628 fatal("%s: RAND_bytes failed", __func__);
627#endif 629#endif
628 explicit_bzero(rnd, sizeof(rnd)); 630 explicit_bzero(rnd, sizeof(rnd));
629 631
@@ -767,6 +769,8 @@ privsep_postauth(Authctxt *authctxt)
767 arc4random_buf(rnd, sizeof(rnd)); 769 arc4random_buf(rnd, sizeof(rnd));
768#ifdef WITH_OPENSSL 770#ifdef WITH_OPENSSL
769 RAND_seed(rnd, sizeof(rnd)); 771 RAND_seed(rnd, sizeof(rnd));
772 if ((RAND_bytes((u_char *)rnd, 1)) != 1)
773 fatal("%s: RAND_bytes failed", __func__);
770#endif 774#endif
771 explicit_bzero(rnd, sizeof(rnd)); 775 explicit_bzero(rnd, sizeof(rnd));
772 776
@@ -1436,6 +1440,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1436 arc4random_buf(rnd, sizeof(rnd)); 1440 arc4random_buf(rnd, sizeof(rnd));
1437#ifdef WITH_OPENSSL 1441#ifdef WITH_OPENSSL
1438 RAND_seed(rnd, sizeof(rnd)); 1442 RAND_seed(rnd, sizeof(rnd));
1443 if ((RAND_bytes((u_char *)rnd, 1)) != 1)
1444 fatal("%s: RAND_bytes failed", __func__);
1439#endif 1445#endif
1440 explicit_bzero(rnd, sizeof(rnd)); 1446 explicit_bzero(rnd, sizeof(rnd));
1441 } 1447 }