From: Timo Sirainen <tss@iki.fi>
Date: Mon, 10 May 2004 20:05:30 +0000 (+0300)
Subject: Don't require initializing RAND_bytes() to return cryptographically strong
X-Git-Tag: 1.1.alpha1~4099
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e40ad3f5f429f5eb46f8e87e22cd4686fd6030ff;p=thirdparty%2Fdovecot%2Fcore.git

Don't require initializing RAND_bytes() to return cryptographically strong
data.

--HG--
branch : HEAD
---

diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c
index 554eae3233..db229ba74a 100644
--- a/src/login-common/ssl-proxy-openssl.c
+++ b/src/login-common/ssl-proxy-openssl.c
@@ -460,9 +460,10 @@ void ssl_proxy_init(void)
 	}
 
 	/* PRNG initialization might want to use /dev/urandom, make sure it
-	   does it before chrooting. */
-	if (RAND_bytes(&buf, 1) != 1)
-		i_fatal("RAND_bytes() failed: %s\n", ssl_last_error());
+	   does it before chrooting. We might not have enough entropy at
+	   the first try, so this function may fail. It's still been
+	   initialized though. */
+	(void)RAND_bytes(&buf, 1);
 
         ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
 	ssl_initialized = TRUE;