[Dovecot] Dovecot + SSL + Fedora

Mark E. Mallett mem at mv.mv.com
Mon May 24 20:10:59 EEST 2004


On Mon, May 24, 2004 at 07:50:54PM +0300, Timo Sirainen wrote:
> 
> This could also be fixed by patching OpenSSL (I think). Patch in 
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=115284

That looks similar to a private patch I created some time back when
openssl changed its RAND_bytes logic.  I've moved it forward to
successive openssl releases as I've installed them.  This is pretty
specific to the environment here though-- particularly where you know
that you have a /dev/urandom.  That openssl change (the one that
necessitated this patch) also broke systems where the /dev/urandom was
implemented via a pipe to a command.

Anyway, just for grins... here's that local patch as carried forward
to 0.9.7d:

*** rand_unix.c.orig	Sat Dec 27 11:01:52 2003
--- rand_unix.c	Wed Mar 17 23:13:25 2004
***************
*** 167,182 ****
--- 167,203 ----
  
  	for (randomfile = randomfiles; *randomfile && n < ENTROPY_NEEDED; randomfile++)
  		{
+ 
+ #ifndef MV_COMM
  		if ((fd = open(*randomfile, O_RDONLY|O_NONBLOCK
+ #else	/* mem 20030409 -- yes, let's block */
+ 		if ((fd = open(*randomfile, O_RDONLY
+ #endif	/* MV_COMM */
+ 
  #ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do not make it
  		   our controlling tty */
  			|O_NOCTTY
  #endif
+ 
+ #ifndef MV_COMM		/* mem 20030409 -- we don't have O_NOFOLLOW
+ 			   but let's not even accidently consider
+ 			   preventing following symbolic link here.
+ 			*/
  #ifdef O_NOFOLLOW /* Fail if the file is a symbolic link */
  			|O_NOFOLLOW
  #endif
+ #endif	/* MV_COMM */
  			)) >= 0)
  			{
+ 
+ #ifndef MV_COMM		/* mem 20030409 -- don't do this idiotic timeout
+ 			   stuff-- just read from the file.  I don't care
+ 			   if it hangs forever, it's better than failing.
+ 			   Besides we'll put /dev/urandom first in the
+ 			   list so if it hangs there are bigger problems
+ 			   anyway.
+ 			*/
+ 
  			struct timeval t = { 0, 10*1000 }; /* Spend 10ms on
  							      each file. */
  			int r;
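Review bot: wrapping the `#ifdef O_NOFOLLOW` block in `#ifndef MV_COMM` (the "we don't have O_NOFOLLOW" region) removes a protection rather than a build problem: where the flag is absent the inner `#ifdef O_NOFOLLOW` already compiles it out, and where it is present, dropping `|O_NOFOLLOW` lets a symlink planted at one of the randomfile paths redirect the entropy read to an attacker-chosen file. Suggest leaving the `#ifdef O_NOFOLLOW` ... `#endif` lines outside the MV_COMM conditional. Two smaller points in the same hunk: the comment "we'll put /dev/urandom first in the list" relies on a reordering of `randomfiles` that is not part of this patch, so the no-timeout behaviour is only safe given a change the reader cannot see, and since the MV_COMM open also drops `O_NONBLOCK`, `open()` on a FIFO-backed device will itself block until a writer appears; "accidently" in the comment should read "accidentally".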
***************
*** 208,213 ****
--- 229,251 ----
  				}
  			while ((r > 0 || (errno == EINTR || errno == EAGAIN))
  				&& t.tv_usec != 0 && n < ENTROPY_NEEDED);
+ 
+ #else		/* MV_COMM */
+ 
+ 			int r;
+ 			do {
+ 			    r = read(fd, (unsigned char*)tmpbuf+n,
+ 				         ENTROPY_NEEDED-n);
+ 			    if ( r > 0 )
+ 			        n += r;
+ 			}
+ 			while ( (r > 0) ||
+ 			        ( (errno == EINTR) || ( errno == EAGAIN ) ) );
+ 				/* yeah sure, check for AGAIN even though we
+ 				   should be blocking.
+ 				*/
+ 
+ #endif		/* MV_COMM */
  
  			close(fd);
  			}
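Review bot: the MV_COMM read loop can spin forever on end-of-file. The condition `while ( (r > 0) || ( (errno == EINTR) || ( errno == EAGAIN ) ) )` keeps looping when `r == 0` if `errno` still holds a stale `EINTR`/`EAGAIN` from an earlier call (`read()` does not reset `errno` on a zero-length return), which is exactly the case for a pipe-backed /dev/urandom whose writer exits. It also has no `n < ENTROPY_NEEDED` bound, so once the buffer is full it issues a zero-length `read()` and relies on that returning 0 to exit. Suggest `while ((r > 0 && n < ENTROPY_NEEDED) || (r < 0 && (errno == EINTR || errno == EAGAIN)));` so that only a negative return consults `errno`. The trailing `/* yeah sure, check for AGAIN ... */` comment sits after the `while` statement's semicolon and reads as if it were part of the loop body; move it above the `do`.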
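As an added example (not Mark's patch and not OpenSSL's rand_unix.c), the following C shows a blocking entropy-read loop that terminates correctly in the cases the patch's loop does not: a short read followed by end-of-file, and a stale EAGAIN left in errno from an earlier call. The pipe, the chunked writer and the 64-byte pattern are constructed here for the demonstration; the function names read_entropy and demo_pipe_read are this example's own.

```c
/* Added example: a bounded entropy-read loop. Not from the patch above or
 * from OpenSSL; read_entropy() and demo_pipe_read() are names chosen here. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Read up to `need` bytes from fd into buf, blocking as required.
 * Returns the byte count (short only on EOF) or -1 on a hard error.
 * Only a negative read() result consults errno, so a stale EINTR/EAGAIN
 * left over from an earlier call cannot turn EOF into an endless loop. */
ssize_t read_entropy(int fd, unsigned char *buf, size_t need)
{
    size_t n = 0;
    while (n < need) {                      /* bound: stop when full */
        ssize_t r = read(fd, buf + n, need - n);
        if (r > 0) { n += (size_t)r; continue; }
        if (r == 0) break;                  /* EOF: return short, do not spin */
        if (errno == EINTR || errno == EAGAIN) continue;  /* transient */
        return -1;                          /* hard error */
    }
    return (ssize_t)n;
}

/* Demonstration harness: a pipe whose writer delivers `supplied` bytes of a
 * constructed 0,1,2,... pattern in two chunks and then closes, so the reader
 * sees a short read and then EOF. errno is deliberately pre-set to EAGAIN to
 * simulate the stale value that breaks the patch's loop. Returns the number
 * of bytes read_entropy() delivered, or a negative code on failure. */
int demo_pipe_read(size_t want, size_t supplied)
{
    unsigned char src[64], dst[64] = {0};
    int p[2];
    size_t i, half;

    if (want > sizeof dst) want = sizeof dst;
    if (supplied > sizeof src) supplied = sizeof src;
    for (i = 0; i < sizeof src; i++) src[i] = (unsigned char)i;  /* constructed data */

    if (pipe(p) != 0) return -1;
    half = supplied / 2;
    (void)write(p[1], src, half);
    (void)write(p[1], src + half, supplied - half);
    close(p[1]);                            /* reader will hit EOF */

    errno = EAGAIN;                         /* stale errno, as in the failure mode */
    ssize_t got = read_entropy(p[0], dst, want);
    close(p[0]);
    if (got < 0) return -1;
    if (memcmp(dst, src, (size_t)got) != 0) return -2;
    return (int)got;
}

int main(void)
{
    printf("want 32, supplied 32 -> %d\n", demo_pipe_read(32, 32));  /* 32 */
    printf("want 32, supplied 16 -> %d\n", demo_pipe_read(32, 16));  /* 16, EOF */
    return 0;
}
```

The second call is the case the patch's loop mishandles: the writer closes after 16 bytes, read() returns 0 with errno still EAGAIN, and a loop that tests errno regardless of the sign of r never leaves. Here it returns the 16 bytes it got and lets the caller decide whether a short result is acceptable.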


