search for: rand_bytes

Displaying 20 results from an estimated 26 matches for "rand_bytes".

2014 Jul 12
1
openssh portable and libressl portable cause recursion between arc4random and RAND_bytes
Hi, Yesterday I tried to replace the system openssl in a gentoo system with libressl. With openssh an interesting issue popped up: * RAND_bytes in libressl calls arc4random * arc4random is a compat function both in openssh and libressl * arc4random from openssh uses RAND_bytes So what's happening is a recursion. arc4random wants to use RAND_bytes and RAND_bytes wants to use arc4random. The result is a segfault. OpenSSH is the latest 6...
2003 Mar 17
1
RAND_bytes return value
Hello, I have been doing some looking at openssl 0.9.7 and openssh3.5p1 and found a minor descrepancy. RAND_bytes() is called around line 69 of openbsd-compat/bsd-arc4random.c. It checks to see if the return is not zero. The RAND_bytes function can also return -1, too. All the code in openssl uses <=0 for the test rather than !. Best Regards, Steve Grubb __________________________________________________...
2004 Mar 30
1
Fatal: RAND_bytes() failed
This morning dovecot died with the following messages in the errorlog. Any solution to this problem? I am using Fedora Core 1 on a SMP i686 box. imap-login: Mar 30 08:08:00 Fatal: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded dovecot: Mar 30 08:08:00 Error: Login process died too early - shutting down dovecot: Mar 30 08:08:00 Error: child 21354 (login) returned error 89...
2004 May 24
3
Dovecot + SSL + Fedora
I've been seeing the Dovecot/SSL/Fedora 1 problem. I have a dovecot server which tends to die at least once a day, with messages like these :- May 24 13:44:44 mail pop3-login: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded May 24 13:44:44 mail dovecot: Login process died too early - shutting down I noticed Timo's email about this at: http://www.dovecot.org/list/dovecot/2004-May/003316.html with the patch that just ignores the ret...
2003 Jun 23
1
OpenSSL on AIX
Hi, with current test releases SSL doesn't work anymore for me on AIX 4.3 with dovecot-0.99.10-test14. It worked with 0.99.9.1. dovecot: Jun 23 19:42:23 Info: Dovecot starting up imap-login: Jun 23 19:42:25 Fatal: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded imap-login: Jun 23 19:42:25 Fatal: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded imap-login: Jun 23 19:42:25 Fatal: RAND_bytes() failed: error:24064064:random number...
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,
2004 Jan 24
1
dovecot crash
I woke up this morning and my dovecot server had died with the following in the dovecot.log file: pop3-login: Jan 23 10:23:08 Fatal: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded dovecot: Jan 23 10:23:08 Error: Login process died too early - shutting down dovecot: Jan 23 10:23:08 Error: child 16321 (login) returned error 89 How can I find out whats going wrong? -------------- next part ----...
2002 Jan 22
4
ssh-rand-helper
...oning here: Define USE_PRNGD, USE_CMDS, or both. Case 1: USE_PRNGD && USE_CMDS: read_seedfile() fetch 96 bytes from PRNGD if successful output(bytes 1-48) RAND_add(bytes 49-96) /* for seedfile */ Otherwise stir_from_commands() stir_from_system() output(RAND_bytes(48)) write_seedfile() Case 2: !USE_PRNGD && USE_CMDS: read_seedfile() stir_from_commands() stir_from_system() output(RAND_bytes(48)) write_seedfile() Case 3: USE_PRNGD && !USE_CMDS: fetch 48 bytes from PRNGD if successful o...
2006 Mar 17
1
[PATCH] OpenSSL RNG initialization
Hi, dovecot tries to use OpenSSL's PRNG to generate random numbers if there is no /dev/urandom found. Unfortunately, it is flawed in its present form, since the PRNG is not seeded before RAND_bytes() is called in src/lib/randgen.c (on systems which have /dev/urandom, OpenSSL automatically seeds its PRNG from the urandom device). Here's a patch to address this issue: it tries to seed the PRNG if there is no /dev/urandom present (which is likely the case if dovecot uses OpenSSL's RAND...
2004 Apr 09
1
dovecot dies - mabye a clue?
Dovecot died twice today. This was in the maillog: Apr 9 17:50:27 ciscy pop3-login: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded Apr 9 17:50:27 ciscy dovecot: Login process died too early - shutting down I think I can cause it to happen reliably and I'm asking for other to test this scenario: Open several terminal windows. In each, typ...
2004 Mar 19
1
Re: Dovecot died due to some SSL related error
...om Feb 4.) > Hi, > Dovecot (pre-compiled version of Fedora Core 1, configured for Maildir) > is running fine for me since a few days. It happened now twice to me > that dovecot died with the following error message in /var/log/maillog: > > Feb 4 11:18:27 hundehuette imap-login: RAND_bytes() failed: > error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not > seeded > Feb 4 11:18:27 hundehuette dovecot: Login process died too early - > shutting down > > As these previous log messages indicate the login was working before > without any problem: > Feb...
2003 Jun 15
3
0.99.10-test12
http://dovecot.procontrol.fi/test/ I should have released 0.99.10 already I think.. There's just two annoying problems that I think should be fixed first: - PAM: If user gives a wrong password, dovecot-auth process sleeps for two seconds, blocking everyone else who are trying to authenticate at the time. So using PAM isn't very good idea at the moment. - OpenSSL problems. Are they
2004 May 27
5
0.99.10.5 released
...when moving mails from new/ to cur/. - Maildir: synchronization might have sometimes set wrong flags to messages, or crash completely - Maildir: RENAME xx inbox.xx didn't result as uppercased ".INBOX.xx" directory which then couldn't be accessed - Don't crash with RAND_bytes() error messages anymore. This mostly happened with Fedora/RedHat. -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovec...
2000 Jul 17
0
patch for getting 2.1.1p4 to compile on SunOS 4
...int arc4random(void) -{ - unsigned int r; - - if (rc4 == NULL) - arc4random_stir(); - - rc4_getbytes(rc4, (unsigned char *)&r, sizeof(r)); - - return(r); -} - -void arc4random_stir(void) -{ - unsigned char rand_buf[32]; - - if (rc4 == NULL) - rc4 = xmalloc(sizeof(*rc4)); - - seed_rng(); - RAND_bytes(rand_buf, sizeof(rand_buf)); - - rc4_key(rc4, rand_buf, sizeof(rand_buf)); - memset(rand_buf, 0, sizeof(rand_buf)); -} -#endif /* !HAVE_ARC4RANDOM */ - #ifndef HAVE_SETPROCTITLE void setproctitle(const char *fmt, ...) { @@ -159,8 +78,13 @@ #endif /* !defined(HAVE_SETEUID) && defined(HA...
2004 Feb 04
0
Dovecot died due to some SSL related error
Hi, Dovecot (pre-compiled version of Fedora Core 1, configured for Maildir) is running fine for me since a few days. It happened now twice to me that dovecot died with the following error message in /var/log/maillog: Feb 4 11:18:27 hundehuette imap-login: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded Feb 4 11:18:27 hundehuette dovecot: Login process died too early - shutting down As these previous log messages indicate the login was working before without any problem: Feb 4 11:02:37 hundehuette imap-login: Log...
2004 May 27
0
0.99.10.5-rc2
...ot.org/rc/ Just a few more changes: - --with-moduledir option to configure - compile fix to Solaris 10 - mbox syncing complains if mbox is modified while we have it locked and something goes wrong (lock settings are wrong) - maildir: RENAME xx inbox.xx makes sure INBOX is uppercased. - "RAND_bytes() failed:" SSL "fix" for fedora/redhat -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attach...
2001 Dec 01
1
mips/mipsel problem
Hi, There seems to be a problem with the arc4random code on mips/mipsel, producing the following error message: Couldn't obtain random bytes (error 604389476) To quote the bug submitter: "On mips and mipsel, the above error message is frequently seen when calling ssh with a command, usually several times in rapid succession, although that is not always the case. The error appears to
2001 Jan 16
1
ssh drops privs when it can't find ~/.ssh/prng_seed
...y is there */ snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, SSH_USER_DIR); mkdir(filename, 0700); snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, SSH_PRNG_SEED_FILE); debug("writing PRNG seed to file %.100s", filename); RAND_bytes(seed, sizeof(seed)); /* Don't care if the seed doesn't exist */ prng_check_seedfile(filename); if ((fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) { debug("WARNING: couldn't access PRNG seedfile %.100s (%.100s)", filename, strerror(errno)); } else {...
2008 May 16
0
cfservd crashing on 7.0
...b/libcrypto.so.5 #28 0x00000000 in ?? () #29 0x00000000 in ?? () #30 0x2952e080 in ?? () #31 0x0000952a in ?? () #32 0x000036ea in ?? () #33 0x00000000 in ?? () #34 0x2838f08c in ?? () from /lib/libcrypto.so.5 #35 0x29512080 in ?? () #36 0x2952a102 in ?? () #37 0xbf8f5d68 in ?? () #38 0x282f2eac in RAND_bytes () from /lib/libcrypto.so.5 Previous frame identical to this frame (corrupt stack?) (gdb) Thanks, Steve
2005 Nov 17
3
4.2 and the 'last' command
We've run into an interesting dilemma regarding last log information and ssh 4.2p1. In 3.8, we didn't see this problem, but now has cropped up in 4.2. When a user logs in, sshd seems to call 'last' to get the last log information. 'last' then opens the /var/log/wtmp file and processes the information. On some systems, this file can be quite large, and we're seeing