[Dovecot] [PATCH] OpenSSL RNG initialization

Timo Sirainen tss at iki.fi
Sat Mar 25 11:26:33 EET 2006


On Fri, 2006-03-17 at 17:28 +0100, Vilmos Nebehaj wrote:
> Hi,
> 
> dovecot tries to use OpenSSL's PRNG to generate random numbers if
> there is no /dev/urandom found. Unfortunately, it is flawed in its
> present form, since the PRNG is not seeded before RAND_bytes() is
> called in src/lib/randgen.c (on systems which have /dev/urandom,
> OpenSSL automatically seeds its PRNG from the urandom device).
> 
> Here's a patch to address this issue: it tries to seed the PRNG if there
> is no /dev/urandom present (which is likely the case if dovecot uses
> OpenSSL's RAND API). It can also be fetched from

Thanks, committed to CVS. I did a couple of minor changes to make it
consistent with Dovecot's coding style.

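The check discussed in this thread, as an added example that is not part of either message and is not Dovecot's code or the committed patch: ask OpenSSL whether its PRNG is seeded before requesting bytes, seed it explicitly if not, and refuse to generate otherwise. It uses Python's `ssl` bindings to the same OpenSSL calls (`RAND_status`, `RAND_add`, `RAND_bytes`) instead of C; `random_bytes`, `PRNGNotSeeded`, the seed-source callables, and the `NoUrandomHost` model with its 32-byte threshold are assumptions made for illustration.

```python
import hashlib
import ssl  # thin binding over OpenSSL's RAND_status/RAND_add/RAND_bytes


class PRNGNotSeeded(RuntimeError):
    """Raised instead of handing out bytes from an unseeded generator."""


def random_bytes(n, seed_sources=(), rand=ssl):
    """Return n bytes from OpenSSL's PRNG, but only once it reports a seed.

    seed_sources: hypothetical callables returning (data, entropy_bytes) for
    hosts without /dev/urandom (an entropy daemon, a saved seed file, ...).
    rand: object exposing the three RAND_* calls; the ssl module by default.
    """
    for source in seed_sources:
        if rand.RAND_status():
            break
        data, entropy_bytes = source()
        # The estimate must be honest: crediting entropy the data does not
        # contain makes RAND_status() pass over a guessable state.
        rand.RAND_add(data, entropy_bytes)
    if not rand.RAND_status():
        raise PRNGNotSeeded("OpenSSL PRNG is not seeded; refusing to generate")
    return rand.RAND_bytes(n)


class NoUrandomHost:
    """Constructed model of OpenSSL on a host where auto-seeding found nothing."""

    NEEDED = 32  # assumed threshold, in bytes of credited entropy

    def __init__(self):
        self.pool, self.credited = b"", 0.0

    def RAND_status(self):
        return self.credited >= self.NEEDED

    def RAND_add(self, data, entropy_bytes):
        self.pool += data
        self.credited += entropy_bytes

    def RAND_bytes(self, n):
        return hashlib.shake_256(self.pool).digest(n)
```

Called as `random_bytes(16)` it uses the real OpenSSL generator; passing `rand=NoUrandomHost()` reproduces the unseeded case, where the call raises `PRNGNotSeeded` instead of returning bytes.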

