Make RAND_seed read a byte of random data.
OpenSSH calls |RAND_seed| before jailing in the expectation that that
will be sufficient to ensure that later RAND calls are successful.
See internal bug 25695426.
Change-Id: I9d3f5665249af6610328ac767cb83059bb2953dd
Reviewed-on: https://boringssl-review.googlesource.com/6494
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/rand/rand.c b/crypto/rand/rand.c
index 8b11728..892b4ba 100644
--- a/crypto/rand/rand.c
+++ b/crypto/rand/rand.c
@@ -192,7 +192,12 @@
return RAND_bytes(buf, len);
}
-void RAND_seed(const void *buf, int num) {}
+void RAND_seed(const void *buf, int num) {
+ /* OpenSSH calls |RAND_seed| before jailing on the assumption that any needed
+ * file descriptors etc will be opened. */
+ uint8_t unused;
+ RAND_bytes(&unused, sizeof(unused));
+}
int RAND_load_file(const char *path, long num) {
if (num < 0) { /* read the "whole file" */
diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index de1bd8d..3a8e357 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -68,7 +68,8 @@
/* RAND_pseudo_bytes is a wrapper around |RAND_bytes|. */
OPENSSL_EXPORT int RAND_pseudo_bytes(uint8_t *buf, size_t len);
-/* RAND_seed does nothing. */
+/* RAND_seed reads a single byte of random data to ensure that any file
+ * descriptors etc are opened. */
OPENSSL_EXPORT void RAND_seed(const void *buf, int num);
/* RAND_load_file returns a nonnegative number. */
