decryptcore: preload OpenSSL error strings; seed PRNG

As in r360226, preload OpenSSL error strings and seed the PRNG before entering capability mode. MFC after: 2 weeks Sponsored by: Dell EMC Isilon
svn path=/head/; revision=368553
2020-12-11 14:32:42 +00:00 · 2020-12-11 14:32:42 +00:00 · 4617b1f62b · 2020-12-20 02:59:44 +00:00
commit 4617b1f62b
parent 580a173a05
1 changed files with 13 additions and 0 deletions
--- a/sbin/decryptcore/decryptcore.c
+++ b/sbin/decryptcore/decryptcore.c
@ -170,6 +170,19 @@ decrypt(int ofd, const char *privkeyfile, const char *keyfile,
 		goto failed;
 	}

+	/*
+	 * Obsolescent OpenSSL only knows about /dev/random, and needs to
+	 * pre-seed before entering cap mode.  For whatever reason,
+	 * RSA_pub_encrypt uses the internal PRNG.
+	 */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+	{
+		unsigned char c[1];
+		RAND_bytes(c, 1);
+	}
+#endif
+	ERR_load_crypto_strings();
+
 	caph_cache_catpages();
 	if (caph_enter() < 0) {
 		pjdlog_errno(LOG_ERR, "Unable to enter capability mode");