[Dovecot] [PATCH] OpenSSL RNG initialization
Timo Sirainen
tss at iki.fi
Sat Mar 25 11:26:33 EET 2006
On Fri, 2006-03-17 at 17:28 +0100, Vilmos Nebehaj wrote:
> Hi,
>
> dovecot tries to use OpenSSL's PRNG to generate random numbers if
> there is no /dev/urandom found. Unfortunately, it is flawed in its
> present
> form, since the PRNG is not seeded before RAND_bytes() is called in
> src/lib/randgen.c (on systems which have /dev/urandom, OpenSSL
> automatically seeds its PRNG from the urandom device).
>
> Here's a patch to address this issue: it tries to seed the PRNG if there
> is no /dev/urandom present (which is likely the case if dovecot uses
> OpenSSL's RAND API). It can also be fetched from
Thanks, committed to CVS. I did a couple of minor changes to make it
consistent with Dovecot's coding style.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20060325/a663e351/attachment.pgp
More information about the dovecot
mailing list