search for: arc4random

Hi, Yesterday I tried to replace the system openssl in a gentoo system with libressl. With openssh an interesting issue popped up: * RAND_bytes in libressl calls arc4random * arc4random is a compat function both in openssh and libressl * arc4random from openssh uses RAND_bytes So what's happening is a recursion. arc4random wants to use RAND_bytes and RAND_bytes wants to use arc4random. The result is a segfault. OpenSSH is the latest 6.6.1. A quick and working so...

tags 516774 = patch tags 516294 = upstream thanks Hi! Please find attached a diff closing #516774 by adding mkstemp(3), again with a minimalistic pseudo-arc4random(3) behind it. I?ve revisited the code. An mkstemp testsuite from the ?net shows it works, except for not caring how many ?X?en are in the template. Addressing #516294, it allows compiling and linking an mksh from today?s CVS against it: tg at tg-sidvm:~/b $ CPPFLAGS=-DMKSH_NO_LIMITS CC=klcc dash ....

...ssl-dir=/usr/sfw And it looks to be bombing here (adding in random support?): -=- gmake[1]: Entering directory `/var/tmp/openssh-4.0p1/openbsd-compat' gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. -I/usr/sfw/include -I/usr/local/krb5/include -DHAVE_CONFIG_H -c bsd-arc4random.c In file included from bsd-arc4random.c:18: ../log.h: In function `fatal': ../log.h:56: warning: empty declaration ../log.h:65: error: parse error before "volatile" ../log.h:65: error: old-style parameter declarations in prototyped function definition ../log.h:56: error: parameter n...

Out of the box on Solaris 2.7 using the internal entropy system. I am able to login but as soon as I get past the password prompt it dies because it claims the RNG is not initialised. Transcript: [..] debug: got SSH2_MSG_SERVICE_ACCEPT You have entered the land of dragons and mystical creatures. This server does not exist.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08.11.arc4random Security Advisory The FreeBSD Project Topic: arc4random(9) predictable sequence vulnerability Category: core Module: sys Announced: 2008-11-24 Credits: Robert Woolley, Mark...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08.11.arc4random Security Advisory The FreeBSD Project Topic: arc4random(9) predictable sequence vulnerability Category: core Module: sys Announced: 2008-11-24 Credits: Robert Woolley, Mark...

I believe there is a problem with the openbsd-compat/bsd-arc4random.c file. If arc4random () is called without seed_rng having previously been called (eg if you run ssh-keygen -p ) then it does not in fact invoke seed_rng () if it is the first time. Instead it will invoke seed_rng every time BUT the first time. At least that is the way I read the code, and ch...

I'm trying to understand the rational behind the arc4random() and arc4random_stir() functions in the OpenSSH source tree. On a system that has a good random number generator, say an in kernel /dev/random what extra functionality is this stuff providing ? Would it be acceptable to replace the calls to arc4random() with reading from /dev/random and drop the...

Hi, I have been working on a portable LibreSSL build tree for a little while to test the waters: http://github.com/busterb/libressl Someone noticed an issue with the arc4random implementation that I originally grabbed from libbsd https://github.com/busterb/libressl/issues/1 So, I looked at how OpenSSH handles it, and noticed that it uses the random functions from OpenSSL unconditionally to seed the state of its version of arc4random. Regarding the new ?build without Ope...

First error: head file related. Strangely, this code has been there a while, which makes me think that the HAVE_ARC4RANDOM is somehow now showing up as set whereas perhaps it didn't used to be. tfiala at tfiala2:~/lldb/svn/lgs/build$ make make[1]: Entering directory `/mnt/ssd/work/svn/lgs/build/lib/Support' llvm[1]: Compiling Process.cpp for Debug+Asserts build In file included from /mnt/ssd/work/svn/lgs/llvm/...

.... After running autoconf and then configure, this is what I get from make: ] [root at alcove openssh_cvs]# make ] (cd openbsd-compat; make) ] make[1]: Entering directory `/mnt1/src/openssh_cvs/openbsd-compat' ] gcc -g -O2 -Wall -I/usr/lib/include -I. -I.. -I. -I./.. -DHAVE_CONFIG_H -c -o bsd-arc4random.o bsd-arc4random.c ] In file included from openbsd-compat.h:30, ] from ../includes.h:95, ] from bsd-arc4random.c:25: ] bsd-waitpid.h:38: warning: `WEXITSTATUS' redefined ] /usr/include/sys/wait.h:83: warning: this is the location of the previous definition ] bs...

...is problem. Does anybody have any suggestions gcc -g -O2 -Wall -O3 -mcpu=pentiumpro -I/usr/local/ssl/include -I. -I. -DETCDIR=\"/usr/local/etc\" -DSSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -DHAVE_CONFIG_H -c bsd-arc4random.c In file included from openbsd-compat.h:26, from includes.h:95, from bsd-arc4random.c:25: bsd-waitpid.h:38: warning: `WEXITSTATUS' redefined /usr/include/sys/wait.h:83: warning: this is the location of the previous definition bsd-waitpid.h:39: warning: `WTERMS...

...AssignedTo: bitbucket at mindrot.org ReportedBy: ray.mccaffity at usbank.com make[1]: Entering directory `/home/rxmccaf/src/openssh-4.1p1/openbsd-compat' gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. -I/opt/sfw/openssl -I/opt/sfw/lib -DHAVE_CONFIG_H -c bsd-arc4random.c In file included from bsd-arc4random.c:18: ../log.h: In function `fatal': ../log.h:56: warning: empty declaration ../log.h:65: error: parse error before "volatile" ../log.h:65: error: old-style parameter declarations in prototyped function definition ../log.h:56: error: parameter na...

I have two machines that we are having problems compiling version 4.3p2. Both machines are Solaris 8 and gcc 3.3.2 openssl 0.9.8a is installed on both machines as well. The first exhibits an error in log.h: In file included from bsd-arc4random.c:18: ../log.h: In function `fatal': ../log.h:56: warning: empty declaration ../log.h:65: error: parse error before "volatile" ../log.h:56: error: parm types given both in parmlist and separately ../log.h:56: error: parameter name omitted bsd-arc4random.c:20: error: `rcsid' undecl...

...Platform: All OS/Version: Solaris Status: NEW Severity: critical Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: sigmunds at iu.hio.no make fails with: [...] In file included from bsd-arc4random.c:18: ../log.h: In function `fatal': ../log.h:56: warning: empty declaration ../log.h:65: error: parse error before "volatile" ../log.h:65: error: old-style parameter declarations in prototyped function definition ../log.h:56: error: parameter name omitted bsd-arc4random.c:20: error:...

https://bugzilla.mindrot.org/show_bug.cgi?id=2168 Bug ID: 2168 Summary: Fails to build after arc4random API change in OpenBSD Product: Portable OpenSSH Version: -current Hardware: All OS: OpenBSD Status: NEW Severity: minor Priority: P5 Component: Build system Assignee: unassigned-bugs at mindrot.org...

...ze { > # endif /* gcc version */ > #endif /* __predict_true */ > > +#ifndef __unused > +# define __unused > +#endif > + > #endif /* _DEFINES_H */ After above patch linux build fail: ................. make[1]: Entering directory `..../openbsd-compat' gcc -O2 ..../arc4random.c In file included from ..../arc4random.c:28: /usr/include/netdb.h:589:15: error: expected identifier or ?(? before ?[? token int __unused[5]; .............. Regards, Roumen -- Get SSH with X.509 certificate support http://roumenpetrov.info/openssh/

Hey all, FYI - We're seeing a whole host of errors around requiring arc4random and linkage errors building llvm/clang/lldb from top of tree. This is on lldb builds with Ubuntu 12.04 x86_64, using gcc 4.8.2 and configure-based builds. This appeared to crop up sometime since Friday morning. What's the right fix for that? Looks to be a dependency on libbsd? -- Todd Fial...

...ave just played around a little bit with the actual CVS on HP-UX 10.20. - In openbsd-compat/Makefile.in the .c.o default rule is missing: .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< - Linking sftp fails, because seed_rng() cannot be resolved. Actually it is in entropy.c (libssh) and needed by arc4random.c. A similar problem has been discussed several days ago and the problem should be solved by removing arc4random calls from sftp-client.c. In the ChangeLog there is: 20010208 - (djm) Fix linking of sftp, don't need arc4random any more. But sftp-client is dated Feb 5 and still contains...

...pat && make) make[1]: Entering directory `/tech/src/SSH-3.7.1p1/openssh-3.7.1p1/openbsd-compat' gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. -I/tech/OPENSSH-3.7.1p1/openssl/include -I/usr/tcpwrap -I/usr/local/include -I/usr/local/include -DHAVE_CONFIG_H -c bsd-arc4random.c In file included from /usr/include/sys/user.h:77, from /usr/include/sys/audit.h:38, from ../openbsd-compat/port-aix.h:35, from ../openbsd-compat/openbsd-compat.h:166, from ../includes.h:173, from bsd-arc4random.c...