search for: random_pool

...Please accept this patch into the openssh code base. Don't forget to run autoheader and autoconf. - Dave Dykstra *** entropy.c.O Fri Jun 1 15:52:20 2001 --- entropy.c Tue Jun 5 17:41:47 2001 *************** *** 80,91 **** # define USE_PRNGD #endif - #if defined(USE_PRNGD) || defined(RANDOM_POOL) - #ifdef USE_PRNGD /* Collect entropy from PRNGD/EGD */ int ! get_random_bytes(unsigned char *buf, int len) { int fd; char msg[2]; --- 80,89 ---- # define USE_PRNGD #endif #ifdef USE_PRNGD /* Collect entropy from PRNGD/EGD */ int ! prngd_get_random_bytes(unsigned char *...

...;fatal:' result when connect() is tested: char egd_message[2] = { 0x02, 0x00 }; struct sockaddr_un addr; int addr_len; memset(&addr, '\0', sizeof(addr)); addr.sun_family = AF_UNIX; /* FIXME: compile time check? */ if (sizeof(RANDOM_POOL) > sizeof(addr.sun_path)) fatal("Random pool path is too long"); strncpy(addr.sun_path, RANDOM_POOL, sizeof(addr.sun_path - 1)); addr.sun_path[sizeof(addr.sun_path - 1)] = '\0'; addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof...

...and tests fine the egd "make test" and with: #./egd.pl /etc/entropy get 22 sources found forking into background... server starting But when I go to "make host-key", it just sits there. Tracking it down, the place it stops is in random.c (line 99): c = atomicio(write, random_pool, egd_message, sizeof(egd_message)); if (c == -1) fatal("Couldn't write to EGD socket \"%s\": %s", RANDOM_POOL, st rerror(errno)); c = atomicio(read, random_pool, buf, len); <--------- HERE It's this last line it never completes (line...

Three possibly related bugs to report. N.B. The test machines in question are in peak form (with the exception of different kernel versions) and were working 100% under the old ssh 1.2.x. The two clients we tested from are machines running 2.2.13 & 2.2.14preX Linux kernels. The server where the problems appeared is running 2.2.12. 1. sshd dies periodically. The crash occurred just after a

...is --- config.h.in Sun Nov 5 21:25:18 2000 +++ config.h.in Wed Nov 8 10:25:53 2000 @@ -92,6 +92,9 @@ /* Define if you want IRIX audit trails */ #undef WITH_IRIX_AUDIT +/* Define if you want IRIX kernel job initiation */ +#undef WITH_IRIX_JOBS + /* Location of random number pool */ #undef RANDOM_POOL end --- configure.in Sun Nov 5 03:08:45 2000 +++ configure.in Wed Nov 8 10:26:57 2000 @@ -111,6 +111,7 @@ AC_DEFINE(WITH_IRIX_ARRAY) AC_DEFINE(WITH_IRIX_PROJECT) AC_DEFINE(WITH_IRIX_AUDIT) + AC_DEFINE(WITH_IRIX_JOBS) no_libsocket=1 no_libnsl=1 AC_DEFINE(BROKEN_INET_NTOA) end ---...

...file ---BEGIN PATCH--- *** config.h Wed Aug 2 14:37:08 2000 --- config.h.me Wed Aug 2 14:37:42 2000 *************** *** 41,47 **** #define WITH_IRIX_PROJECT 1 /* Define if you want IRIX audit trails */ ! #define WITH_IRIX_AUDIT 1 /* Location of random number pool */ /* #undef RANDOM_POOL */ --- 41,47 ---- #define WITH_IRIX_PROJECT 1 /* Define if you want IRIX audit trails */ ! /* #undef WITH_IRIX_AUDIT */ /* Location of random number pool */ /* #undef RANDOM_POOL */ ---END PATCH--- Shouldn't there actually be a --enable --disable switch for the IRIX stuff or a...

...uot; 1>&6 +fi + +cat >> confdefs.h <<EOF +#define XAUTH_PATH "$xauth_path" +EOF + + trap '' 1 2 15 cat > confcache <<\EOF # This file is a shell script that caches the results of configure @@ -2426,6 +2466,7 @@ s%@GNOME_ASKPASS@%$GNOME_ASKPASS%g s%@RANDOM_POOL@%$RANDOM_POOL%g s%@LIBWRAP@%$LIBWRAP%g +s%@xauth_path@%$xauth_path%g CEOF EOF _____________________________________________________ Sent by Jahoopa Free Email! Find us on the web at http://www.jahoopa.com Join today!

...**** --- 141,156 ---- void get_random_bytes(unsigned char *buf, int len) { + + #ifdef USE_SYSRANDOM + int index; + + srandom(time(NULL) + getpid()); + + for (index = 0; index < len+1; index++) { + buf[index] = rand()%255; + } + #else /* USE_SYSRANDOM */ static int random_pool; int c; #ifdef HAVE_EGD *************** *** 184,189 **** --- 200,206 ---- fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); close(random_pool); + #endif /* USE_SYSRANDOM */ } #endif /* !HAVE_ARC4RANDOM */ *** canohost.c....

...18:34:31 2000 +++ entropy.c Tue May 30 18:49:45 2000 @@ -82,8 +82,6 @@ c = atomicio(read, egd_socket, buf, len); if (c <= 0) fatal("Couldn't read from EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno)); - - close(EGD_SOCKET); } #else /* !EGD_SOCKET */ #ifdef RANDOM_POOL (When close(EGD_SOCKET) -> close(egd_socket), ssh don't work.) -- IWAMURO, Motonori [E-Mail: vmi at kw.netlaputa.ne.jp / iwa at mmp.fujitsu.co.jp]

entropy.c assumes RUSAGE_SELF and RUSAGE_CHILDREN *** entropy.c.orig Thu Jun 15 13:57:28 2000 --- entropy.c Thu Jun 15 13:58:25 2000 *************** *** 201,207 **** --- 201,209 ---- total_entropy_estimate += stir_gettimeofday(1.0); total_entropy_estimate += stir_clock(0.2); + #ifdef HAVE_GETRUSAGE total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0); + #endif

...------------ --- openssh_cvs/configure.in.old Tue Feb 27 12:56:06 2001 +++ openssh_cvs/configure.in Tue Feb 27 16:54:48 2001 @@ -5,6 +5,7 @@ AC_CONFIG_HEADER(config.h) AC_PROG_CC AC_CANONICAL_HOST +AC_C_BIGENDIAN # Checks for programs. AC_PROG_CPP @@ -1279,14 +1280,14 @@ if test -z "$RANDOM_POOL" ; then AC_MSG_CHECKING(for PRNGD/EGD socket) # Insert other locations here - for egdsock in /var/run/egd-pool /etc/entropy /tmp/entropy ; do + for egdsock in /var/run/egd-pool /tmp/egd-pool /etc/entropy /tmp/entropy ; do if test -r $egdsock && $TEST_MINUS_S_SH -c &quo...

...9:47 2001 +++ openssh-2.9p2/config.h.in Wed Sep 5 19:11:41 2001 @@ -102,6 +102,9 @@ /* Define if you want IRIX kernel jobs */ #undef WITH_IRIX_JOBS +/* Define if the tty id (abbreviated name) in *tmp strips tty */ +#undef WITH_NO_TTY_IN_UTMP_ID + /* Location of random number pool */ #undef RANDOM_POOL --- openssh-2.9p2.orig/configure.in Mon May 28 17:21:44 2001 +++ openssh-2.9p2/configure.in Wed Sep 5 19:13:06 2001 @@ -111,6 +111,7 @@ AC_DEFINE(WITH_IRIX_ARRAY) AC_DEFINE(WITH_IRIX_PROJECT) AC_DEFINE(WITH_IRIX_AUDIT) + AC_DEFINE(WITH_NO_TTY_IN_UTMP_ID)...

...if you have/want arrays (cluster-wide session managment, not C arrays) */ + #undef WITH_ARRAY + + /* Define if you want IRIX project management */ + #undef WITH_IRIX_PROJECT + + /* Define if you want IRIX audit trails */ + #undef WITH_IRIX_AUDIT + /* Location of random number pool */ #undef RANDOM_POOL *** openssh-2.1.1p1.orig/session.c Wed Jun 07 07:22:38 EDT 2000 --- openssh-2.1.1p1/session.c Wed Jun 21 15:05:37 EDT 2000 *************** *** 27,32 **** --- 27,36 ---- #include "ssh2.h" #include "auth.h" + #ifdef WITH_IRIX_PROJECT + #include <proj.h> + #endif /*...

...AC_SUBST(MANTYPE) -AC_SUBST(mansubdir) - # Check whether user wants Kerberos support KRB4_MSG="no" AC_ARG_WITH(kerberos4, @@ -1645,11 +1601,6 @@ # Print summary of options -if test x$MANTYPE = x'$(CATMAN)' ; then - MAN_MSG=cat -else - MAN_MSG=man -fi if test ! -z "$RANDOM_POOL" ; then RAND_MSG="Device ($RANDOM_POOL)" else @@ -1667,7 +1618,7 @@ C=`eval echo ${sbindir}` ; C=`eval echo ${C}` D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` -F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo...

Hi, when running OpenSSH with EGD as entropy source, the sshd server connects to the EGD socket and leaves it open to re-seed on the fly. Unfortunately the connection is not checked when re-seeding, so that a failure or restart of EGD will lead to a "fatal()" abort of the sshd server process. Since a dying server process can not be accepted, I would recommend to not have sshd call it

...c openssh-SNAP-20000823.new/entropy.c --- openssh-SNAP-20000823.orig/entropy.c Sat Jul 15 06:59:15 2000 +++ openssh-SNAP-20000823.new/entropy.c Fri Aug 25 14:44:52 2000 @@ -67,6 +67,8 @@ # define RUSAGE_CHILDREN 0 #endif +char *ssh_prng_command_file = NULL; + #if defined(EGD_SOCKET) || defined(RANDOM_POOL) #ifdef EGD_SOCKET @@ -810,7 +812,7 @@ original_uid = getuid(); /* Read in collection commands */ - if (!prng_read_commands(SSH_PRNG_COMMAND_FILE)) + if (!prng_read_commands(ssh_prng_command_file)) fatal("PRNG initialisation failed -- exiting."); /* Set ourselves up to sav...

...mpiler calls it. */ /* #undef inline */ /* SSL directory. */ #define ssldir "/usr/local/ssl" /* Location of lastlog file */ #define LASTLOG_LOCATION "/var/log/lastlog" /* If lastlog is a directory */ /* #undef LASTLOG_IS_DIR */ /* Location of random number pool */ #define RANDOM_POOL "/dev/urandom" /* Are we using the Entropy gathering daemon */ /* #undef HAVE_EGD */ /* Define if your ssl headers are included with #include <ssl/header.h> */ /* #undef HAVE_SSL */ /* Define if your ssl headers are included with #include <openssl/header.h> */ #define HAV...

Okay, everything as the first large one I sent today, with a few extra mods. _PATH_MAILDIR is only used in sshd.c, that I can see, so moved the #ifdef from config.h.in to there. several files had __progname defined in the middle of the code, as well as at the top of the code, so cleaned those out. all the fixes for u_int32_t -> uint32_t and u_int16_t -> uint16_t, plus added appropriate

On Thu, 27 Sep 2001 20:41:05 EDT, Damien Miller writes: > On Thu, 27 Sep 2001, Dan Astoorian wrote: > > > > > It would (IMHO) be useful if there were a way to optionally configure > > that code to fall back to the internal entropy gathering routines in the > > event that EGD was not available; as it is, the routines simply fail if > > EGD is unavailable at the

Known issues: 1) Linux 'sleep 20' -- Unfixable before 2.5.0 (known work around) 2) HP/UX signal issue -- Patched and HP/UX 11 works in v2 3) SCO 2/ Native Compiler -- Unfixable before 2.5.0 (known work around) 4) NeXTStep -- Resynced, MAX_GROUPS vs NGROUPS unresolved (not major) 5) DG/UX regcomp/regexec -- Fixed. 6) Cray signal issues -- ??? 7) Solaris '$PATH' issue -- ??