From: Timo Sirainen
Date: Wed, 18 Jun 2003 01:12:32 +0000 (+0300)
Subject: Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
X-Git-Tag: 1.1.alpha1~4550
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aceb11145db17a851153b9a5f3323b7a94b756e5;p=thirdparty%2Fdovecot%2Fcore.git
Make sure PRNG gets initialized before chrooting so it can open /dev/urandom.
--HG-- branch : HEAD
---
diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c
index 053ef1eb6f..9f0b1bb99a 100644
--- a/src/login-common/ssl-proxy-openssl.c
+++ b/src/login-common/ssl-proxy-openssl.c
@@ -13,6 +13,7 @@
 #include
 #include
 #include
+#include
 #define SSL_CIPHER_LIST "ALL:!LOW"
@@ -403,6 +404,7 @@ static RSA *ssl_gen_rsa_key(SSL *ssl __attr_unused__,
 void ssl_proxy_init(void)
 {
 const char *certfile, *keyfile, *paramfile;
+ char buf;
 certfile = getenv("SSL_CERT_FILE");
 keyfile = getenv("SSL_KEY_FILE");
@@ -440,6 +442,11 @@ void ssl_proxy_init(void)
 if (SSL_CTX_need_tmp_RSA(ssl_ctx))
 SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
+ /* PRNG initialization might want to use /dev/urandom, make sure it
+ does it before chrooting. */
+ if (RAND_bytes(&buf, 1) != 1)
+ i_fatal("RAND_bytes() failed: %s\n", ssl_last_error());
+
 ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
 ssl_initialized = TRUE;
 }
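Review bot: The new local `char buf;` in the `@@ -403,6 +404,7 @@` hunk is later passed as `&buf` to RAND_bytes(), whose first parameter is `unsigned char *`. The call therefore depends on a conversion between differently signed pointer types and will draw a pointer-sign diagnostic on stricter builds. Declaring it as `unsigned char buf;` matches the OpenSSL prototype and changes nothing else. The body of ssl_proxy_init() continues outside this hunk.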
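Review bot: The comment above the RAND_bytes() check in the `@@ -440,6 +442,11 @@` hunk does not say that the byte is thrown away on purpose, nor that the whole point depends on ssl_proxy_init() running before the chroot, which nothing in the visible code enforces. I would extend it to something like `/* The byte is discarded; the call only forces OpenSSL to seed itself while /dev/urandom is still reachable, so ssl_proxy_init() must run before chroot. */`. Failing hard through i_fatal() when no random data is available is the right fail-closed choice for a TLS endpoint. The format string ends in `\n`; if i_fatal() already terminates the line, as I would expect but cannot confirm from this page, the trailing newline should be dropped.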