diff options
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/decryptcore/decryptcore.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/sbin/decryptcore/decryptcore.c b/sbin/decryptcore/decryptcore.c index 80050c9a0bfb8..cc1807b18a804 100644 --- a/sbin/decryptcore/decryptcore.c +++ b/sbin/decryptcore/decryptcore.c @@ -170,6 +170,19 @@ decrypt(int ofd, const char *privkeyfile, const char *keyfile, goto failed; } + /* + * Obsolescent OpenSSL only knows about /dev/random, and needs to + * pre-seed before entering cap mode. For whatever reason, + * RSA_pub_encrypt uses the internal PRNG. + */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + { + unsigned char c[1]; + RAND_bytes(c, 1); + } +#endif + ERR_load_crypto_strings(); + caph_cache_catpages(); if (caph_enter() < 0) { pjdlog_errno(LOG_ERR, "Unable to enter capability mode"); |