search for: rand_status

...openssl/rand.h: No such file or directory configure: failed program was: #line 2568 "configure" #include "confdefs.h" #include <string.h> #include <openssl/rand.h> int main(void) { char a[2048]; memset(a, 0, sizeof(a)); RAND_add(a, sizeof(a), sizeof(a)); return(RAND_status() <= 0); } configure:2582: gcc -o conftest -g -O2 -Wall -I/usr/local/include -I/usr/local/openssl/include -L/usr/local/lib -L/usr/local/openssl/lib -L/usr/local/openssl conftest.c -lsocket -lnsl -lz -lgen -lsocket -lcrypto 1>&5 configure:2571: openssl/rand.h: No such file or direct...

...-with-prngd-port or --with-prngd-socket options I haven't done anything special in configuring openssl. If I have read the configuration for openssl correctly, with will default to the 'os' source, which I think then is getrandom(2). I think the check in openssh for this is a call to RAND_status(), which is apparently returning a failure. I can't compile without openssl, because I need to allow RSA keys. Any work arounds? Ideas follow. Compile openssh with /dev/urandom as the prngd-socket? Edit the configure script to force a success where RAND_status() is called? Call whatever op...

...ssl 3.1. I did find a post to linuxquestions in 2014 that had the same or similar problem. That obviously wasn't openssl 3.1. > I would be concerned about what else might be broken in it, possibly > in some subtle way. I would be looking at fixing your OpenSSL. Any idea how? I think RAND_status() would need to be changed. -- nw

...-L/opt/openssl/lib -L/opt/openssl -R/opt/openssl/ lib -R/opt/openssl conftest.c -ldl -lsocket -lnsl -lz -lpam -lcrypto 1>&5 configure: In function `main': configure:2856: warning: implicit declaration of function `RAND_add' configure:2857: warning: implicit declaration of function `RAND_status' Undefined first referenced symbol in file RAND_add /var/tmp/ccHZaWXy1.o RAND_status /var/tmp/ccHZaWXy1.o ld: fatal: Symbol referencing errors. No output written to conftest configure: failed p...

...vely recently. Does the OpenSSL self-test ("make tests") pass? Does its basic RNG function work (eg "openssl rand -base64 9")? And if "openssl rand" doesn't work, if you strace it what is it trying to do? > I think the check in openssh for this is a call to RAND_status(), which > is apparently returning a failure. > > I can't compile without openssl, because I need to allow RSA keys. > > Any work arounds? Ideas follow. > > Compile openssh with /dev/urandom as the prngd-socket? No, the prngd socket interface works differently to /dev/rand...

...compatible version and correct linking # *does not* test for RSA - that comes later. - AC_TRY_RUN( + AC_TRY_LINK( [ -#include <string.h> -#include <openssl/rand.h> -int main(void) -{ - char a[2048]; - memset(a, 0, sizeof(a)); - RAND_add(a, sizeof(a), sizeof(a)); - return(RAND_status() <= 0); -} + #include <string.h> + #include <openssl/rand.h> + ], + [ + char a[2048]; + memset(a, 0, sizeof(a)); + RAND_add(a, sizeof(a), sizeof(a)); + return(RAND_status() <= 0); ], [ found_crypto=1 break; - ], [] + ], [ ]...

...to `dlsym' configure: failed program was: #line 4419 "configure" #include "confdefs.h" #include <string.h> #include <openssl/rand.h> int main(void) { char a[2048]; memset(a, 0, sizeof(a)); RAND_add(a, sizeof(a), sizeof(a)); return(RAND_status() <= 0); } I use it with openssl-engine-0.9.6b and openssl-0.9.6b installed to /opt/openssl and /usr/local/ssl (ln -s). When running the make test option of openssl, it reports no problems (which kind of indicates the problem is not with openssl I hope) The machine is a Linux version 2.2.5 k...

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

...3 +++ src/lib/randgen.c 10 Mar 2006 17:15:03 -0000 @@ -81,6 +81,42 @@ return buf; } +static void random_init_rng(void) +{ + int counter = 0; + struct timeval tv; +#ifdef HAVE_GETRUSAGE + struct rusage ru; +#endif + + /* + * If the RNG is already seeded, we can return + * immediately. + */ + if (RAND_status() == 1) + return; + + /* + * Else, try to seed it. Unfortunately we don't have + * /dev/urandom, so we can only use weak random sources. + */ + while (RAND_status() != 1) { + if (gettimeofday(&tv, NULL) < 0) + i_fatal("gettimeofday() failed: %m"); + RAND_add((const void...

I'm installing openssl 0.9.5a and openssh 2.3.0p1 on an Ultra 5 running Solaris 8 with the latest cluster patch. Openssl installed without any problems. When I do a configure for openssh I get: Checking for OpenSSL directory. . . configure: error: Could not find working SSLeay / OpenSSL libraries, please install I've reinstalled openssl and everything is there. As a note I've

On Thu, 27 Sep 2001 20:41:05 EDT, Damien Miller writes: > On Thu, 27 Sep 2001, Dan Astoorian wrote: > > > > > It would (IMHO) be useful if there were a way to optionally configure > > that code to fall back to the internal entropy gathering routines in the > > event that EGD was not available; as it is, the routines simply fail if > > EGD is unavailable at the

...-lpam collect2: ld returned 1 exit status configure: failed program was: #line 2848 "configure" #include "confdefs.h" #include <string.h> #include <openssl/rand.h> int main(void) { char a[2048]; memset(a, 0, sizeof(a)); RAND_add(a, sizeof(a), sizeof(a)); return(RAND_status() <= 0); } configure:2862: gcc -o conftest -I/usr/local/ssl/include -Wall -I/usr/local/ssl/include -static -L/lib/security -L/lib -L/usr/local/ssl/lib -L/lib -L/lib/security -L/lib -L/usr/local/ssl -L/lib -L/usr/local/ssl/lib -L/usr/local/ssl conftest.c -ldl -lnsl -lz -lutil -lpam -lcrypto...

Over the holidays, I intend to finally rid portable OpenSSH of the builtin entropy collection code. Here's what I intend to do: When init_rng is called, we'll check OpenSSL's RAND_status(). If this indicates that their PRNG is already seeded, we'll do nothing. This effectively detects platforms which have /dev/urandom (or similar) configured into OpenSSL. If OpenSSL isn't seeded, we will fork+suid(user)+exec a subprocess "ssh-rand-helper" which will return 64 byt...

...if /* USE_PRNGD */ - - /* - * Seed OpenSSL's random number pool from Kernel random number generator - * or PRNGD/EGD - */ - void - seed_rng(void) - { - unsigned char buf[32]; - - debug("Seeding random number generator"); - - if (!get_random_bytes(buf, sizeof(buf))) { - if (!RAND_status()) - fatal("Entropy collection failed and entropy exhausted"); - } else { - RAND_add(buf, sizeof(buf), sizeof(buf)); - } - - memset(buf, '\0', sizeof(buf)); - } - - void - init_rng(void) - { - check_openssl_version(); - } - - #else /* defined(USE_PRNGD) || defined(RAN...

...o 1>&5 configure: failed program was: #line 4397 "configure" #include "confdefs.h" #include <string.h> #include <openssl/rand.h> int main(void) { char a[2048]; memset(a, 0, sizeof(a)); RAND_add(a, sizeof(a), sizeof(a)); return(RAND_status() <= 0); } (3) configure:4354: checking for OpenSSL directory configure:4411: cc -o conftest -g -I/usr/local/include conftest.c -lz -lgen -lcrypto 1>&5 cc-1005 cc: ERROR File = configure, Line = 4400 The source file "openssl/rand.h" is unavailable. #include <openssl/r...

...] + ], + [ + LIBS="$saved_LIBS -lcrypto -lRSAglue -lrsaref" + AC_TRY_RUN( + [ + #include <string.h> + #include <openssl/rand.h> + int main(void) + { + char a[2048]; + memset(a, 0, sizeof(a)); + RAND_add(a, sizeof(a), sizeof(a)); + return(RAND_status() <= 0); + } + ], + [ + found_crypto=1 + break; + ] + ) + ] ) if test ! -z "$found_crypto" ; then

...or directory configure: failed program was: #line 2568 "configure" #include "confdefs.h" #include <string.h> #include <openssl/rand.h> int main(void) { char a[2048]; memset(a, 0, sizeof(a)); RAND_add(a, sizeof(a), sizeof(a)); return(RAND_status() <= 0); } -------------8<-------------

...-I/usr/local/ssl/include -L/usr/local/lib -L/usr/local/ssl/lib -R/usr/local/lib -R/usr/local/ssl/lib conftest.c -lz -lsocket -lnsl -lgen -lcrypto 1>&5 Undefined first referenced symbol in file RAND_add conftest.o RAND_status conftest.o ld: fatal: Symbol referencing errors. No output written to conftest configure: failed program was: #line 4397 "configure" #include "confdefs.h" The solution to this problem that I found is to build OpenSSL with 32 bit support only (i.e, do ....

...to 1>&5 configure: failed program was: #line 4467 "configure" #include "confdefs.h" #include <string.h> #include <openssl/rand.h> int main(void) { char a[2048]; memset(a, 0, sizeof(a)); RAND_add(a, sizeof(a), sizeof(a)); return(RAND_status() <= 0); } #... other defaults here SSL works fine (using it for webmin). Any ideas? (I did check the list archives but nothing meaningful was there)

I have just uploaded a test release of portable openssh to http://violet.ibs.com.au/openssh/files/test This release includes some major changes picked up from OpenBSD CVS. It also includes inbuilt random number gathering support which should remove the need for EGD on systems that lack /dev/random. This support is very preliminary. Please treat it as alpha and don't use it on production