This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch V_7_1
in repository openssh.
commit 076d849e17ab12603627f87b301e2dca71bae518
Author: Damien Miller <djm@mindrot.org>
Date: Sat Nov 14 18:44:49 2015 +1100
read back from libcrypto RAND when privdropping
makes certain libcrypto implementations cache a /dev/urandom fd
in preparation of sandboxing. Based on patch by Greg Hartman.
---
sshd.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/sshd.c b/sshd.c
index 65ef7e8..43d4650 100644
--- a/sshd.c
+++ b/sshd.c
@@ -624,6 +624,8 @@ privsep_preauth_child(void)
arc4random_buf(rnd, sizeof(rnd));
#ifdef WITH_OPENSSL
RAND_seed(rnd, sizeof(rnd));
+ if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+ fatal("%s: RAND_bytes failed", __func__);
#endif
explicit_bzero(rnd, sizeof(rnd));
@@ -767,6 +769,8 @@ privsep_postauth(Authctxt *authctxt)
arc4random_buf(rnd, sizeof(rnd));
#ifdef WITH_OPENSSL
RAND_seed(rnd, sizeof(rnd));
+ if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+ fatal("%s: RAND_bytes failed", __func__);
#endif
explicit_bzero(rnd, sizeof(rnd));
@@ -1436,6 +1440,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
arc4random_buf(rnd, sizeof(rnd));
#ifdef WITH_OPENSSL
RAND_seed(rnd, sizeof(rnd));
+ if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+ fatal("%s: RAND_bytes failed", __func__);
#endif
explicit_bzero(rnd, sizeof(rnd));
}
--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits
djm pushed a commit to branch V_7_1
in repository openssh.
commit 076d849e17ab12603627f87b301e2dca71bae518
Author: Damien Miller <djm@mindrot.org>
Date: Sat Nov 14 18:44:49 2015 +1100
read back from libcrypto RAND when privdropping
makes certain libcrypto implementations cache a /dev/urandom fd
in preparation of sandboxing. Based on patch by Greg Hartman.
---
sshd.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/sshd.c b/sshd.c
index 65ef7e8..43d4650 100644
--- a/sshd.c
+++ b/sshd.c
@@ -624,6 +624,8 @@ privsep_preauth_child(void)
arc4random_buf(rnd, sizeof(rnd));
#ifdef WITH_OPENSSL
RAND_seed(rnd, sizeof(rnd));
+ if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+ fatal("%s: RAND_bytes failed", __func__);
#endif
explicit_bzero(rnd, sizeof(rnd));
@@ -767,6 +769,8 @@ privsep_postauth(Authctxt *authctxt)
arc4random_buf(rnd, sizeof(rnd));
#ifdef WITH_OPENSSL
RAND_seed(rnd, sizeof(rnd));
+ if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+ fatal("%s: RAND_bytes failed", __func__);
#endif
explicit_bzero(rnd, sizeof(rnd));
@@ -1436,6 +1440,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
arc4random_buf(rnd, sizeof(rnd));
#ifdef WITH_OPENSSL
RAND_seed(rnd, sizeof(rnd));
+ if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+ fatal("%s: RAND_bytes failed", __func__);
#endif
explicit_bzero(rnd, sizeof(rnd));
}
--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits