Don't require initializing RAND_bytes() to return cryptographically strong

data.

--HG--
branch : HEAD

diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c
index 554eae3233912bb6ef20ea999d5443005b5dfd38..db229ba74ae1903781aac4fb7878bb4c7b7612bc 100644 (file)
--- a/src/login-common/ssl-proxy-openssl.c
+++ b/src/login-common/ssl-proxy-openssl.c
@@ -460,9 +460,10 @@ void ssl_proxy_init(void)
        }
 
        /* PRNG initialization might want to use /dev/urandom, make sure it
-          does it before chrooting. */
-       if (RAND_bytes(&buf, 1) != 1)
-               i_fatal("RAND_bytes() failed: %s\n", ssl_last_error());
+          does it before chrooting. We might not have enough entropy at
+          the first try, so this function may fail. It's still been
+          initialized though. */
+       (void)RAND_bytes(&buf, 1);
 
         ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
        ssl_initialized = TRUE;