Date: Fri, 11 Dec 2020 14:32:42 +0000 (UTC) From: Eric van Gyzen <vangyzen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r368553 - head/sbin/decryptcore Message-ID: <202012111432.0BBEWgiR012005@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: vangyzen Date: Fri Dec 11 14:32:42 2020 New Revision: 368553 URL: https://svnweb.freebsd.org/changeset/base/368553 Log: decryptcore: preload OpenSSL error strings; seed PRNG As in r360226, preload OpenSSL error strings and seed the PRNG before entering capability mode. MFC after: 2 weeks Sponsored by: Dell EMC Isilon Modified: head/sbin/decryptcore/decryptcore.c Modified: head/sbin/decryptcore/decryptcore.c ============================================================================== --- head/sbin/decryptcore/decryptcore.c Fri Dec 11 14:11:41 2020 (r368552) +++ head/sbin/decryptcore/decryptcore.c Fri Dec 11 14:32:42 2020 (r368553) @@ -170,6 +170,19 @@ decrypt(int ofd, const char *privkeyfile, const char * goto failed; } + /* + * Obsolescent OpenSSL only knows about /dev/random, and needs to + * pre-seed before entering cap mode. For whatever reason, + * RSA_pub_encrypt uses the internal PRNG. + */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + { + unsigned char c[1]; + RAND_bytes(c, 1); + } +#endif + ERR_load_crypto_strings(); + caph_cache_catpages(); if (caph_enter() < 0) { pjdlog_errno(LOG_ERR, "Unable to enter capability mode");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202012111432.0BBEWgiR012005>