From 16792c29e60852fef00bc4f8785023561b6774af Mon Sep 17 00:00:00 2001
From: matthew <>
Date: Fri, 20 Jun 2014 00:02:12 +0000
Subject: [PATCH] arc4random: hard fail with raise(SIGKILL) if getentropy()
 returns -1

Allow other non-zero return values in case we change our mind to
return an ssize_t byte count instead of simple success/fail.

ok deraadt, djm
---
 src/lib/libc/crypt/arc4random.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/lib/libc/crypt/arc4random.c b/src/lib/libc/crypt/arc4random.c
index 985fa8a0..ea05d2a6 100644
--- a/src/lib/libc/crypt/arc4random.c
+++ b/src/lib/libc/crypt/arc4random.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: arc4random.c,v 1.35 2014/06/19 00:13:22 matthew Exp $	*/
+/*	$OpenBSD: arc4random.c,v 1.36 2014/06/20 00:02:12 matthew Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -24,6 +24,7 @@
 
 #include <fcntl.h>
 #include <limits.h>
+#include <signal.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
@@ -91,8 +92,8 @@ _rs_stir(void)
 {
 	u_char rnd[KEYSZ + IVSZ];
 
-	/* XXX */
-	(void) getentropy(rnd, sizeof rnd);
+	if (getentropy(rnd, sizeof rnd) == -1)
+		raise(SIGKILL);
 
 	if (!rs)
 		_rs_init(rnd, sizeof(rnd));