search for: randgen

Hi, dovecot tries to use OpenSSL's PRNG to generate random numbers if there is no /dev/urandom found. Unfortunately, it is flawed in its present form, since the PRNG is not seeded before RAND_bytes() is called in src/lib/randgen.c (on systems which have /dev/urandom, OpenSSL automatically seeds its PRNG from the urandom device). Here's a patch to address this issue: it tries to seed the PRNG if there is no /dev/urandom present (which is likely the case if dovecot uses OpenSSL's RAND API). It can also be fetched fr...

Hello When booting from a slow machine, I can observe dovecot blocking the whole boot process. I traced it down to the getrandom() system call in lib/randgen.c, which blocks until the random number generator is initialized (dmesg "random: crng init done"). This can take up to three minutes (!) on my machine, as there is not much entropy available (no hardware RNG, network VPN is also waiting for random). Unfortunately dovecot calls getrandom(...

...t; wrote: > > > On Tue, Mar 05, 2019 at 05:39:28PM +0100, Axel Burri via dovecot wrote: > > Hello > > > > When booting from a slow machine, I can observe dovecot blocking the > > whole boot process. I traced it down to the getrandom() system call in > > lib/randgen.c, which blocks until the random number generator is > > initialized (dmesg "random: crng init done"). This can take up to three > > minutes (!) on my machine, as there is not much entropy available (no > > hardware RNG, network VPN is also waiting for random). > >...

...-cram-md5.c +++ b/src/auth/mech-cram-md5.c @@ -7,7 +7,9 @@ #include "ioloop.h" #include "buffer.h" #include "hex-binary.h" -#include "hmac-md5.h" +#include "hmac-cram-md5.h" +#include "hmac.h" +#include "md5.h" #include "randgen.h" #include "mech.h" #include "passdb.h" @@ -50,7 +52,7 @@ { unsigned char digest[MD5_RESULTLEN]; - struct hmac_md5_context ctx; + struct hmac_context ctx; const char *response_hex; if (size != CRAM_MD5_CONTEXTLEN) { @@ -59,9 +61,10 @@ return...

On Tue, Mar 05, 2019 at 05:39:28PM +0100, Axel Burri via dovecot wrote: > Hello > > When booting from a slow machine, I can observe dovecot blocking the > whole boot process. I traced it down to the getrandom() system call in > lib/randgen.c, which blocks until the random number generator is > initialized (dmesg "random: crng init done"). This can take up to three > minutes (!) on my machine, as there is not much entropy available (no > hardware RNG, network VPN is also waiting for random). > > Unfortunately...

Trying to get dovecot up and running. I managed to get everything compiled and linked correctly, but there seems to be some problem with either the auth process or communication between the main process and the auth process. When I try to login, I get: * OK dovecot ready. 1 login n9yty testing * OK Waiting for authentication process to respond.. And I keep getting the same message over and

...lude/mysql/mysql.h" #include <stdio.h> #include "common.h" #include "buffer.h" #include "ioloop.h" #include "network.h" #include "lib-signals.h" #include "restrict-access.h" #include "fd-close-on-exec.h" #include "randgen.h" #include "password-scheme.h" #include "mech.h" #include "auth.h" #include "auth-request-handler.h" #include "auth-worker-server.h" #include "auth-worker-client.h" #include "auth-master-interface.h" #include "auth-mas...

...i, Change src/lib-dcrypt/dcrypt-openssl.c start to: /* Copyright (c) 2016-2017 Dovecot authors, see the included COPYING file */ #include "lib.h" #include "buffer.h" #include "str.h" #include "hex-binary.h" #include "safe-memset.h" #include "randgen.h" #include "array.h" #include "module-dir.h" #include "dovecot-openssl-common.h" #include "openssl/evp.h" #include "openssl/sha.h" #include "openssl/err.h" #include "openssl/rsa.h" #include "openssl/ec.h" #include...

...BER >= 0x10100000L\s*)$/$1 && !defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-ssl-iostream/dovecot-openssl-common.c; Both configuration and compilation are OK. The test fails as follows: [...] test_load_v1_public_key .............................................. : ok Panic: file randgen.c: line 21 (random_fill): assertion failed: (init_refcount > 0) Error: Raw backtrace: 2 libdcrypt_openssl.so 0x0000000103413d24 default_fatal_finish + 36 -> 3 libdcrypt_openssl.so 0x0000000103413afd default_fatal_handler + 61 -> 4 libdcrypt_openssl.so 0x0000000103414069 i_panic + 169 -&g...

...ls.o md4.o md5.o mempool.o mempool-alloconly.o mempool-datastack.o mempool-system.o mempool-unsafe-datastack.o mkdir-parents.o mmap-anon.o mmap-util.o module-dir.o mountpoint.o network.o nfs-workarounds.o ostream.o ostream-file.o ostream-crlf.o primes.o printf-upper-bound.o process-title.o randgen.o read-full.o restrict-access.o restrict-process-size.o safe-memset.o safe-mkdir.o sendfile-util.o seq-range-array.o sha1.o str.o str-sanitize.o strescape.o strfuncs.o unix-socket-create.o unlink-directory.o unlink-lockfiles.o utc-offset.o utc-mktime.o var-expand.o write-full.o *** Error c...

> On 1 Mar 2018, at 5:56 pm, Aki Tuomi <aki.tuomi at dovecot.fi <mailto:aki.tuomi at dovecot.fi>> wrote: > > > > On 01.03.2018 07:34, James Brown wrote: >> On 1 Mar 2018, at 4:09 pm, Aki Tuomi <aki.tuomi at dovecot.fi <mailto:aki.tuomi at dovecot.fi>> wrote: >>> >>> >>> What SSL library and version? >>> ---

...z <florob at babelmonkeys.de> + * + * This software is released under the MIT license. + */ + +#include <stdlib.h> + +#include "lib.h" +#include "safe-memset.h" +#include "base64.h" +#include "buffer.h" +#include "hmac.h" +#include "randgen.h" +#include "sha1.h" +#include "str.h" +#include "password-scheme.h" + +/* SCRAM hash iteration count. RFC says it SHOULD be at least 4096 */ +#define SCRAM_ITERATE_COUNT 4096 + +static void Hi(const unsigned char *str, size_t str_size, + const unsigned ch...

Hi, I made a patch against branch-1.0 for SHA256 password hashing support for Dovecot. Courier Authlib supports this hashing scheme and in order to migrate from Courier to Dovecot, I've added SHA256 support to Dovecot. The attached patch is based on BSD licensed code from Olivier Gay (http://www.ouah.org/ogay/sha2/). Changes made by me in Olivier's sha2{.h,.c} code: - Prototype for

...Foundation; either version 2 of the License, or + * (at your option) any later version. + */ + +#include "common.h" +#include "mech.h" +#include "passdb.h" +#include "str.h" +#include "strfuncs.h" +#include "safe-memset.h" +#include "randgen.h" +#include "buffer.h" +#include "hostpid.h" +#include "hex-binary.h" +#include "md5.h" + +struct rpa_auth_request { + struct auth_request auth_request; + + pool_t pool; + + int phase; + + /* cached: */ + unsigned char *pwd_md5; + size_t service_len; +...

Hello! I recently upgraded from dovecot 0.9x to 1.0.5-Aplha and now when ever folders are opened (in IMAP), it keeps saying invalid mbox files. It worked fine in 0.99.x. It is detecting the right mbox files because it lists the folders and the subscriptions correctly. I am using "default_mail_env = mbox:~/mail/:INBOX=/var/mail/%u" in the config file, but I get the same error with

Hi Stepan, Sorry for the delay. It's great that you are working on MergeFunctions as well and I agree, we should definitely try to combine our efforts to improve MergeFunctions. Just to give you some context, the pass (with the similar function merging patch) is already being used in a production setting. From my point of view, it would be better if we focus on improving its capability

...4 24087 0 0.01 24070 0 0.01 24070 Queens.ll 6 16571 0 0.01 16552 0 0.01 16552 query.ll 1 16747 0 0.01 16722 0 0.01 16722 queue.ll 4 8925 0 0.01 8909 0 0.01 8909 Quicksort.ll 6 14846 0 0.01 14827 0 0.01 14827 rad2deg.ll 2 2052 0 0.01 2014 0 0.01 2014 Ralignmm.ll 8 207016 0 0.03 207001 0 0.03 207001 RandGen.ll 4 16724 0 0.01 16692 0 0.01 16692 random.ll 3 4973 0 0.01 4954 0 0.01 4954 Random.ll 7 22081 0 0.01 22061 0 0.01 22061 ratectl.ll 9 51434 0 0.01 51413 0 0.02 51413 rawcaudio.ll 1 5109 0 0.01 5073 0 0.01 5073 rawdaudio.ll 1 5091 0 0.01 5055 0 0.01 5055 ray.ll 79 139066 5 0.02 139086 2 0.02 139360...

...OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "lib.h" +#include "istream.h" +#include "ostream.h" +#include "hash.h" +#include "mail-storage-private.h" +#include "hex-binary.h" +#include "randgen.h" +#include "urlauth-plugin.h" + +#include <ctype.h> + +#define URLAUTH_KEYS_FILENAME "urlauthkeys" + +enum urlauth_keys_action { + URLAUTH_KEYS_GET, // get the key for a mailbox + URLAUTH_KEYS_SET, // set a new random key for a mailbox + URLAUTH_KEYS_DELETE // delet...