On Mon, 2004-05-10 at 21:23, Benjamin J. Weiss wrote:
Thanks, but I received an email pointing out an SSL problem with Fedora and dovecot:
Well, I finally looked at what Fedora's OpenSSL package looks like. It has at least this patch which doesn't work if Dovecot is chrooted. I'm not really sure when ICA is really called though. Actually there's a bug in that patch: if open() fails, rfd = -1. The check should be if (rfd == -1), not if (rfd). Maybe it would work with that fix? Anyone want to try? --- openssl-0.9.7a/libica-1.3.5/src/prand.c.urandom 2003-07-10 16:09:35.000000000 -0400 +++ openssl-0.9.7a/libica-1.3.5/src/prand.c 2003-10-24 01:59:53.000000000 -0400 @@ -421,11 +421,26 @@ */ + /* + ** Change 10/24/03 PK: Use /dev/urandom instead. + */ static unsigned char get_byte(u_int32 *array5, int current_byte) { - u_int32 val; + static int rfd = 0; /* File descriptor to /dev/urandom */ + unsigned char retval; + + if (!rfd) { + rfd = open("/dev/urandom", O_RDONLY); + } + + /* If we have a valid fd for /dev/urandom then use it */ + if (rfd) { + read(rfd, &retval, 1); + return retval; + } + /* Otherwise use the old pseudo random number generator */ val = *(array5 + current_byte/4); current_byte %= 4;
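
Review bot: In get_byte(), the added `static int rfd = 0;` uses 0 as the "not yet opened" marker and `if (rfd)` as the validity test, but open() returns -1 on failure, which is nonzero. When /dev/urandom cannot be opened (for instance inside a chroot that has no such device node), the code therefore takes the `read(rfd, &retval, 1);` path on an invalid descriptor and returns an uninitialised `retval` as if it were a random byte, never reaching the old generator. Suggest initialising rfd to -1, testing `rfd >= 0` before reading (0 is itself a valid descriptor), and tracking a failed open separately so it is not retried on every call. The return value of read() should also be checked to equal 1 before `retval` is returned, falling through to the old generator otherwise. Separately, the hunk removes `u_int32 val;` while the unchanged context line `val = *(array5 + current_byte/4);` still assigns to it, so the declaration needs to stay if the fallback path is kept.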