89a891
From 16c1bd61384e993fef13d7be88fdd34551a2b3ce Mon Sep 17 00:00:00 2001
89a891
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
89a891
Date: Wed, 23 Jan 2019 20:12:51 +0100
89a891
Subject: [PATCH] Use custom random generator only for bind build
89a891
89a891
Do not test random entropy on startup when used by DHCP. On most cases
89a891
random entropy is not even used by DHCP. In cases it is (LDAP SSL), fail
89a891
whenever it is not available.
89a891
89a891
Resolves: rhbz#1668682
89a891
---
89a891
 lib/dns/openssl_link.c | 2 ++
89a891
 1 file changed, 2 insertions(+)
89a891
89a891
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
89a891
index 91e87d0..2551b0a 100644
89a891
--- a/lib/dns/openssl_link.c
89a891
+++ b/lib/dns/openssl_link.c
89a891
@@ -289,6 +289,7 @@ dst__openssl_init(const char *engine) {
89a891
 #endif
89a891
 #endif /* !defined(OPENSSL_NO_ENGINE) */
89a891
 
89a891
+#ifdef ISC_PLATFORM_USETHREADS
89a891
 	/* Protect ourselves against unseeded PRNG */
89a891
 	if (RAND_status() != 1) {
89a891
 		FATAL_ERROR(__FILE__, __LINE__,
89a891
@@ -296,6 +297,7 @@ dst__openssl_init(const char *engine) {
89a891
 			    "cannot be initialized (see the `PRNG not "
89a891
 			    "seeded' message in the OpenSSL FAQ)");
89a891
 	}
89a891
+#endif /* ISC_PLATFORM_USETHREADS */
89a891
 
89a891
 	return (ISC_R_SUCCESS);
89a891
 
89a891
-- 
89a891
2.20.1
89a891