Displaying 20 results from an estimated 20 matches for "arc4random_stir".
2001 Mar 27
0
openssh stack corruption in arc4random_stir () on OS X
...0x00003574 in main (ac=4, av=0xbffffb44) at ssh.c:698
#3 0x00002060 in _start ()
#4 0x00001ea0 in start ()
#5 0x00000000 in ?? ()
It seems that options has total garbage in it; in particular the
num_identity_files is > 1 when I have only one identity file.
options is getting corrupted in arc4random_stir () at bsd-arc4random.c:73
It's actually corrupted in RC4_set_key(). I can't see anything obvious
wrong here. Before this function is called, everything seems fine, after,
the stack is corrupted. I can't get apple's hacked up gdb to stop inside
this function with debugging in...
2001 Mar 28
2
arc4randomstir() in OpenSSH
I'm trying to understand the rational behind the arc4random() and
arc4random_stir() functions in the OpenSSH source tree.
On a system that has a good random number generator, say an in
kernel /dev/random what extra functionality is this stuff providing ?
Would it be acceptable to replace the calls to arc4random() with
reading from /dev/random and drop the arc4random_stir() all...
2000 Jul 17
0
patch for getting 2.1.1p4 to compile on SunOS 4
...gt;j + r->s[r->i]) % 256;
- t = r->s[r->i];
- r->s[r->i] = r->s[r->j];
- r->s[r->j] = t;
-
- t = (r->s[r->i] + r->s[r->j]) % 256;
-
- buffer[c] = r->s[t];
- c++;
- }
-}
-
-unsigned int arc4random(void)
-{
- unsigned int r;
-
- if (rc4 == NULL)
- arc4random_stir();
-
- rc4_getbytes(rc4, (unsigned char *)&r, sizeof(r));
-
- return(r);
-}
-
-void arc4random_stir(void)
-{
- unsigned char rand_buf[32];
-
- if (rc4 == NULL)
- rc4 = xmalloc(sizeof(*rc4));
-
- seed_rng();
- RAND_bytes(rand_buf, sizeof(rand_buf));
-
- rc4_key(rc4, rand_buf, sizeof(rand_bu...
2014 Jul 12
1
openssh portable and libressl portable cause recursion between arc4random and RAND_bytes
...dom wants to use RAND_bytes
and RAND_bytes wants to use arc4random. The result is a segfault.
OpenSSH is the latest 6.6.1.
A quick and working solution was to replace the openssh-arc4random with
the one shipped by libressl. One small change is needed: the
libressl-arc4random.c doesn't have the arc4random_stir()-function,
I copied that back from the openssh-arc4random.c.
Works so far, see attached patch.
An alternative would be to check for the availability of arc4random in
libcrypto and use that if available.
cu,
--
Hanno B?ck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
--------...
2002 May 08
1
Maybe problem in openbsd-compat/bsd-arc4random.c
...m.c.old Sun Mar 18 19:00:53 2001
--- bsd-arc4random.c Wed May 8 16:44:22 2002
***************
*** 48,54 ****
static int first_time = 1;
if (rc4_ready <= 0) {
! if (!first_time)
seed_rng();
first_time = 0;
arc4random_stir();
--- 48,54 ----
static int first_time = 1;
if (rc4_ready <= 0) {
! if (first_time)
seed_rng();
first_time = 0;
arc4random_stir();
2013 Nov 06
4
[Bug 2168] New: Fails to build after arc4random API change in OpenBSD
...Status: NEW
Severity: minor
Priority: P5
Component: Build system
Assignee: unassigned-bugs at mindrot.org
Reporter: jca at wxcvbn.org
Created attachment 2372
--> https://bugzilla.mindrot.org/attachment.cgi?id=2372&action=edit
Detect arc4random_stir() availability
Since http://marc.info/?l=openbsd-cvs&m=138238762705209&w=2
OpenSSH-portable fails to build on OpenBSD-current (post 5.4). This is
a problem for the OpenBSD ports tree which includes copies of the
openssh-portable source code.
Since other OSes have not implemented yet the i...
2002 Feb 22
2
Weird problems on solaris 7 & 8
...ion
it's me, but here's the story and maybe someone can suggest an avenue of
investigation. This seems to be happening with any release of openssh
since at least 2.5.2p1.
1) Problem #1: If SSH protocol 1 is enabled then sshd segfaults right
off. This turns out to be because the call to arc4random_stir is
corrupting memory and making sensitive_data.server_key non NULL. When
key_free is then called on it's UNALLOCATED storage, you get a pretty
seg fault.
2) Problem #3: snprintf doesn't like the %.100s specifier. For some
reason 00s gets printed, and all the arguments get shifted. Thi...
2001 Feb 10
2
SNAP 20010209 fails to compile sftp on Slackware
...his message.
Here is the error:
gcc -o sftp sftp.o sftp-client.o sftp-common.o sftp-int.o log-client.o -L. -Lopenbsd-compat/ -L/usr/local/ssl/lib -L/usr/local/ssl -lssh -lopenbsd-compat -lcrypt -lz -lnsl -lutil -lcrypto -lwrap
openbsd-compat//libopenbsd-compat.a(bsd-arc4random.o): In function `arc4random_stir':
/usr/local/src/openssh-SNAP-02082001/openbsd-compat/bsd-arc4random.c:61: undefined reference to `seed_rng'
collect2: ld returned 1 exit status
make: *** [sftp] Error 1
Here is my configure:
./configure --with-tcp-wrappers --with-md5-passwords --with-default-path=$PATH
OpenSSH configure...
2011 Jan 28
2
klibc 1.5.21-1 and mksh
...;
++#include <bitsize/stdint.h>
+
+ #include <malloc.h>
+
+@@ -61,6 +62,11 @@
+ __extern unsigned short *seed48(const unsigned short *);
+ __extern void srand48(long);
+
++/* arc4random API emulation on top of jrand48 algorithm */
++__extern uint32_t arc4random(void);
++__extern void arc4random_stir(void);
++__extern void arc4random_addrandom(unsigned char *, int);
++
+ #define RAND_MAX 0x7fffffff
+ static __inline__ int rand(void)
+ {
+Index: klibc-1.5.21/usr/klibc/Kbuild
+===================================================================
+--- klibc-1.5.21.orig/usr/klibc/Kbuild 2011-01-28 12...
2002 Dec 18
2
patch for openssh3.5p1 - adds logging option
...ITY_USER, 1, NULL);
maxfd = fdlim_get(1);
if (maxfd < 0)
diff -urN openssh-3.5p1-orig/ssh-keysign.c openssh-3.5p1/ssh-keysign.c
--- openssh-3.5p1-orig/ssh-keysign.c 2002-12-18 10:10:13.000000000 -0500
+++ openssh-3.5p1/ssh-keysign.c 2002-12-18 10:43:40.000000000 -0500
@@ -160,7 +160,7 @@
arc4random_stir();
#ifdef DEBUG_SSH_KEYSIGN
- log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0);
+ log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0, NULL);
#endif
/* verify that ssh-keysign is enabled by the admin */
diff -urN openssh-3.5p1-orig/s...
2001 Mar 14
1
poor default seeding of RNG
Correct me if I'm wrong, but init_rng() in entropy.c doesn't call
seed_rng(), and in fact seed_rng() isn't called from _anywhere_ (in
openssh-2.5.1p2). So calls to BN_rand() only pick up the
tiny/non-existent amount of entropy added by BN_rand() itself from the
system clock (time in seconds). Shouldn't seed_rng() be called from
init_rng()? It should be called from _somewhere_,
2001 May 19
0
scp linking problem on solaris 2.6 (x86)
...to seed the
r.n.g. only on the first time? If the latter, we need this patch:
Index: openbsd-compat/bsd-arc4random.c
@@ -48,9 +48,10 @@
static int first_time = 1;
if (rc4_ready <= 0) {
- if (!first_time)
+ if (first_time) {
seed_rng();
- first_time = 0;
+ first_time = 0;
+ }
arc4random_stir();
}
If the code was really correct, I suggest rewriting it to be a little
more explicit. Like this:
if (first_time)
first_time = 0;
else
seed_rng();
..wayne..
2013 Mar 13
2
Time zone for chrooted internal-sftp?
Hi,
A question regarding chroot, internal-sftp, and time zones: Is it possible to get the time stamps presented by the chrooted internal-sftp to always be aligned with the system global time zone setting?
What is the reason this not done by default, that is couldn't the chrooted internal-sftp inherit the time zone information from the SSH daemon?
/John
--
John Olsson
Ericsson AB
2014 May 02
1
Regarding the optional OpenSSL integration for the portable version
Hi,
I have been working on a portable LibreSSL build tree for a little while to test the waters: http://github.com/busterb/libressl
Someone noticed an issue with the arc4random implementation that I originally grabbed from libbsd https://github.com/busterb/libressl/issues/1
So, I looked at how OpenSSH handles it, and noticed that it uses the random functions from OpenSSL unconditionally to seed
2001 Feb 21
0
Q: core dumped on keygen in Sol 2.6, ssh2.3.0p1, openssl-0.9.6 and zlib-1.1.3
...ng linked statically (from a .a
file).
No difference if openssl is compiled with -O, instead of -O3
-fomit-frame-pointer.
openssh is being compiled with -O2 -fstrict-aliasing.
In the case I've investigated with gdb, ssh-keygen dies the
first time it gets to RC4_set_key (openssl), called from
arc4random_stir. It dies trying to write into the memory of
"static RC4_KEY rc4;" (openbsd-compat/bsd-arc4random.c).
If, just for sport, I *initialize* rc4 [with zeros] (i.e. it
ends up in the data section, not bss), then we sail past
this problem [but it dies a bit later in some rsa code].
Do these fu...
2008 Sep 15
0
No subject
..._private
?after key_load_private
private host key: #1 type 2 DSA
?before setting protcol version options.protocol=4 ...sensitive_data.have_ssh1_key=0? sensitive_data.have_ssh2_key=1
use_privsep=1
?before get pwnam
?after get pwnam
?before set groups
?before daemon starts
?after daemon starts
before arc4random_stir
before chdir
?before signal
?after signal
?in else condition
AF_INET=2, AF_INET6=10
listen_sock=0ai->ai_family=2,ai->ai_socktype=2,ai->ai_protocol=6
listen_sock=5
Bind to port ssh on 0.0..0.0.
?strport=ssh
Server listening on 0.0.0.0 port ssh.
AF_INET=2, AF_INET6=10
listen_sock=5ai->ai_...
2001 Feb 08
2
OpenSSH 2.3.0p4/2.2.0p1, Solaris 8, ssh-keygen bus error
Hi,
I'm having a problem with ssh-keygen on Solaris 8; upon running, it
produces a bus error due to a function call in OpenSSL (RC4_set_key):
[...]
(gdb) where
#0 0x3440c in RC4_set_key ()
#1 0x2b890 in arc4random_stir ()
at /merc/tools/src/openssh-2.3.0p1/bsd-arc4random.c:65
#2 0x23ca8 in main (ac=1, av=0xffbefb94)
at /merc/tools/src/openssh-2.3.0p1/ssh-keygen.c:720
I get identical results with any combination of:
- gcc 2.95.2/binutils 2.10.1, or just gcc with Sun's as/ld (I do not have
a WorkSh...
2008 Sep 18
2
SSHD_PROBLEM
..._private
after key_load_private
private host key: #1 type 2 DSA
before setting protcol version options.protocol=4 ...sensitive_data.have_ssh1_key=0 sensitive_data.have_ssh2_key=1
use_privsep=1
before get pwnam
after get pwnam
before set groups
before daemon starts
after daemon starts
before arc4random_stir
before chdir
before signal
after signal
in else condition
AF_INET=2, AF_INET6=10
listen_sock=0ai->ai_family=2,ai->ai_socktype=2,ai->ai_protocol=6
listen_sock=5
Bind to port ssh on 0.0.0.0.
strport=ssh
Server listening on 0.0.0.0 port ssh.
AF_INET=2, AF_INET6=10
listen_sock=5ai->ai_f...
2007 Nov 22
3
[PATCH] one-time ssh-agent confirmation password
The patch (against 4.7p1) modifies gnome-ssh-askpass to optionally
generate a one-time
password and transmits it to the user via an out-of-band communication
channel. If you can
read the password and enter it back into the gnome-ssh-askpass dialog,
ssh-agent is allowed
to continue with the authentication process.
There are two ways to use the modified gnome-ssh-askpass. The first
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi,
I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with
FIPS 140-2 OpenSSL.
These are based on previously reported patches by Steve Marquess
<marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>,
for ver. OpenSSH 3.8.
Note that these patches are NOT OFFICIAL, and MAY be used freely by
anyone.
Issues [partially] handled:
SSL FIPS Self test.
RC4,