Google Git
Sign in
boringssl/boringssl/c5c85defb2f3bfb6a462a47da8e2e2c354dbf926^!/./include/openssl/rand.h
commit
c5c85defb2f3bfb6a462a47da8e2e2c354dbf926
[log]
author
Adam Langley <agl@google.com>
Mon Nov 16 10:10:59 2015 -0800
committer
Adam Langley <agl@google.com>
Mon Nov 16 21:58:46 2015 +0000
tree
151ffb4c575127084ccbde8e24579b93cb355692
parent
d9e27021e171d5f8c790b282315a07bde735da97 [diff] [blame]
Make RAND_seed read a byte of random data.

OpenSSH calls |RAND_seed| before jailing in the expectation that that
will be sufficient to ensure that later RAND calls are successful.

See internal bug 25695426.

Change-Id: I9d3f5665249af6610328ac767cb83059bb2953dd
Reviewed-on: https://boringssl-review.googlesource.com/6494
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index de1bd8d..3a8e357 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h

@@ -68,7 +68,8 @@
 /* RAND_pseudo_bytes is a wrapper around |RAND_bytes|. */
 OPENSSL_EXPORT int RAND_pseudo_bytes(uint8_t *buf, size_t len);
 
-/* RAND_seed does nothing. */
+/* RAND_seed reads a single byte of random data to ensure that any file
+ * descriptors etc are opened. */
 OPENSSL_EXPORT void RAND_seed(const void *buf, int num);
 
 /* RAND_load_file returns a nonnegative number. */