Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
authorTimo Sirainen <tss@iki.fi>
Wed, 18 Jun 2003 01:12:32 +0000 (04:12 +0300)
committerTimo Sirainen <tss@iki.fi>
Wed, 18 Jun 2003 01:12:32 +0000 (04:12 +0300)
--HG--
branch : HEAD

src/login-common/ssl-proxy-openssl.c

index 053ef1eb6ff377b0beb7b987301dd5a8d56ff788..9f0b1bb99a7d8b632d7aefc063eb909dcdc35b6e 100644 (file)
@@ -13,6 +13,7 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include <openssl/rand.h>
 
 #define SSL_CIPHER_LIST "ALL:!LOW"
 
@@ -403,6 +404,7 @@ static RSA *ssl_gen_rsa_key(SSL *ssl __attr_unused__,
 void ssl_proxy_init(void)
 {
        const char *certfile, *keyfile, *paramfile;
+       char buf;
 
        certfile = getenv("SSL_CERT_FILE");
        keyfile = getenv("SSL_KEY_FILE");
@@ -440,6 +442,11 @@ void ssl_proxy_init(void)
        if (SSL_CTX_need_tmp_RSA(ssl_ctx))
                SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
 
+       /* PRNG initialization might want to use /dev/urandom, make sure it
+          does it before chrooting. */
+       if (RAND_bytes(&buf, 1) != 1)
+               i_fatal("RAND_bytes() failed: %s\n", ssl_last_error());
+
         ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
        ssl_initialized = TRUE;
 }
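Review bot: `RAND_bytes()` takes an `unsigned char *`, but `buf` is declared as plain `char` in the previous hunk, so `RAND_bytes(&buf, 1)` passes a pointer of differing signedness; declaring it as `unsigned char buf;` removes the mismatch. The comment above the call could also state that the byte is discarded and that the call exists only for its seeding side effect, e.g. `/* value is unused; the call only forces OpenSSL to seed while /dev/urandom is still reachable */`, so a later cleanup does not delete it as dead code. Checking for `!= 1` and exiting fatally is the right handling, since a process that continued with an unseeded PRNG would produce weak TLS key material. If `i_fatal()` already terminates the log line itself (not visible here), the trailing `\n` in the format string is redundant. Part of ssl_proxy_init's body lies outside the hunks shown.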