[Dovecot] OpenSSL fix

18 Jun 2003

On Wed, 2003-06-18 at 01:27, Jeremy Katz wrote:
...
On Sat, 2003-06-14 at 23:58, Timo Sirainen wrote:
...
- OpenSSL problems. Are they really my fault? I have no idea what I
could be doing wrong. Maybe some compile option is wrong?
Sorry, found out the answer to this on Friday afternoon (from our local
ssl guru) and haven't had a chance to sit down and send the reasoning.
Basically, if you're using OpenSSL with the RSA blinding patch as
supplied by the OpenSSL folks, then the blinding ends up not having
entropy.  This is because /dev/urandom won't exist in your chroot and so
the SSL entropy isn't able to be setup.
I thought it would have required that in any case..
...
Probably the best fix would be initializing SSL bits before the chroot
(similar to the way timezone setup has to happen).  That or making sure
you have /dev/urandom in your chroot.  I was going to look more at the
former but just haven't had the cycles yet :/
I just looked at OpenSSL sources how it work, I think this would fix it:

diff -u -r1.16 ssl-proxy-openssl.c

--- ssl-proxy-openssl.c 11 Jun 2003 23:26:13 -0000      1.16
+++ ssl-proxy-openssl.c 18 Jun 2003 01:08:07 -0000
@@ -13,6 +13,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #define SSL_CIPHER_LIST "ALL:!LOW"
 
@@ -403,6 +404,7 @@
 void ssl_proxy_init(void)
 {
        const char *certfile, *keyfile, *paramfile;
+       char buf;
 
        certfile = getenv("SSL_CERT_FILE");
        keyfile = getenv("SSL_KEY_FILE");
@@ -439,6 +441,11 @@
 
        if (SSL_CTX_need_tmp_RSA(ssl_ctx))
                SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
+
+       /* PRNG initialization might want to use /dev/urandom, make sure it
+          does it before chrooting. */
+       if (RAND_bytes(&buf, 1) != 1)
+               i_fatal("RAND_bytes() failed: %s\n", ssl_last_error());
 
         ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
        ssl_initialized = TRUE;

    